S
S
Sevastoporn2019-09-23 17:36:26
Active Directory
Sevastoporn, 2019-09-23 17:36:26

Is it possible in AD to change the password expiration time?

If a user in Active Directory has a password that expires after 7 days, is it possible to increase the expiration date by 3 days, for example?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vadim Choporov, 2019-09-23
@sevastoporn

Hemorrhoid. Maybe I can help you come up with a way that is convenient for you:
UZ has a pwdLastSet property - exactly from this value the password expiration date is counted. You cannot take and change this property with your hands - you can deceive. For example, in order to extend the password validity period for a set period (in your case, for another 7 days) - check the "User must change password at next log on" checkbox next to the UZ and save the UZ. Then go to properties again and change to "Other password options" and save. This action will change the above field to the current time, and the countdown will start from the beginning, while the pass will remain the same.
There is also Fine-grained password policy - this is the ability to configure granular password policies for groups / UZs. You can play around with this by adding it to groups with custom settings, you can make the necessary logic - but I didn’t check how it would behave for an account with an already expired password.
Well, quite on the forehead - in the password policy to extend, but here it is no longer granular, plus updating policies - up to 2 hours.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question