Admin Password Expiration time

[Guest]

I know that with AD you cannot set a group to have a different password
policy. You would need to create another AD domain and change the policies
to the group in the other domain.

I was told that there was a tool that would allow a group to have a
different password policy from the entire AD domain. Does anyone know of
this tool and has anyone had experience with it.

We would like to have the members of IT to have their password expire in 30
days and have end user to have their passwords set to 90 days.

Please help.

 

[Herb Martin]

"Brian from South Florida" <Brian from South
(e-mail address removed)> wrote in message

I know that with AD you cannot set a group to have a different password
policy. You would need to create another AD domain and change the policies
to the group in the other domain.

I was told that there was a tool that would allow a group to have a
different password policy from the entire AD domain. Does anyone know of
this tool and has anyone had experience with it.

I have never heard of it, but as a programmer it would be theoretically
possible to keep an separate database of Groups and when to expire
their password.

Then the program could run through the group list and set "user must change
password at next logon" to simulate such a feature.

We would like to have the members of IT to have their password expire in 30
days and have end user to have their passwords set to 90 days.

As you know, it is not officially supported.

Would the "30/90 days" be all at the same time or from the
time THAT specific user changed their password last? The
everyone same version would be a bit easier to code.