Password Expiration...

[mene]

Good afternoon,
Would someone explain to me what I am doing wrong with setting password
expiration on my Windows 2000 server?

For this scenario lets assume I installed active directory and created
50 user accounts 120 days ago. It has been 150 days now, nobody has changed
their password and I want to enforce password expiration of 120 days.

I open Domain Controller Security Policy and set the value to 120. No
passwords have expired. I look at the user information using 'net user
%username% /domain', expiration field states "Never".

I open Domain Security Policy and set the value to 120, just because it
did not work above. No passwords have expired. I look at the user
information using 'net user %username% /domain', expiration field states
"Never".

What am I doing wrong? I have not configured any group policies, I have
not touched any user accounts. Everything just exists as plain as plain can
be from install. Please help.

Thanks in advance
mene mene

 

[Paul Adare]

What am I doing wrong?

Password policy needs to be set in a GPO linked to the domain container,
not to the domain controller's OU. Set the policy in the Default Domain
Policy GPO, not the Default Domain Controller Policy GPO.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea