Announcement

Collapse
No announcement yet.

Minimum Password age

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Minimum Password age

    Hello all,

    First time posting: Hope I am posting in the correct place or you all can help get me to the correct place.

    Basically we have a portal site running that we created to connect to Citrix servers. We have set up a tool that when a user forgets a password they are given a security question, they answer the question correctly and get emailed a new password that ldap generates. The user then puts in the new password and then is required to change password at next logon. The problem is the Default GPO Minimum Password age is set to 1 so the user can't change the password.

    Does anyone know how to get around this without setting to zero?

    We are trying to set the Change password on next logon or password last modified date to zero but can't seem to find where to do this or where it gets changed.

    When we login as a domain admin, reset a users password and set to change password at next logon it works. The LDAP user is a domain admin so we assumed it would work as if we were logged into the server.

    Thanks in advance for any help!

  • #2
    Re: Minimum Password age

    You will need to modify it from your domain security policy. Assuming its set at the domain root open the "default domain security settings". Browse to account policies>password policies>Minimum password age.

    Comment


    • #3
      Re: Minimum Password age

      Thanks for the reply but we can't change the policy to zero so we are working on code to flip the switch to allow the users to change the password and we need to know this location.

      Comment


      • #4
        Re: Minimum Password age

        I never said change it to zero. You can change to to whatever you see fit as to how many passwords are remembered. And i have given you the location above.

        Comment


        • #5
          Re: Minimum Password age

          My problem is the code we are using that tells the user to change the password has already changed the password within active directory and then when the user puts in this new password they have to change it again at next logon.

          The user can't change it again because it has been less than one day.

          So how does the Active Directory know that the password has just been changed and where is this flag set?

          Comment


          • #6
            Re: Minimum Password age

            You can set the option Change password at next logon by modifying the user account properties for the user in AD.

            The following is a untested script for it:
            http://gallery.technet.microsoft.com...0-b18f544e478f

            The policy you are trying to modify would effect all users and not just those whose password was lost.
            AD Admin

            Comment

            Working...
            X