How to configure the domain password expiration policy in the Microsoft Active Directory

The Microsoft Active Directory is a great system to manage the security of servers and workstations. One of the fundamental security tools is the password expiration policy.

To set the password expiration policy in an Active Directory domain follow the steps below

  • Remote desktop into the domain controller
  • Start the Active Directory Users and Computers snap in
  • Right click the root domain name and select Properties
  • Select the Group Policy tab
  • In the middle select the Default Domain Policy Group Policy Object Link
  • Click the Edit button
  • On the left side expand Computer Configuration > Windows Settings > Security Settings > Account Policies
  • Select the Password Policy and Account Lockout Policy keys to set the desired values

active directory password policy

 

Warning!

All new and existing user accounts will inherit these settings, and the password of existing user accounts will immediately expire where the “Password never expires” option is not set.

Leave a Reply