Windows Server 2003 – Accounts Password Stays Expired After Group Policy Change


Let's say I have a group policy that sets the maximum password age at 90 days. Some user doesn't change their password for 91 days, so their password should be expired.

If I then remove that group policy to make the max password age not defined, will that account still be expired? In other words, when that user logs in again, should they still be required to change their password?

I would think not, but I seem to be observing the exact opposite behavior on our domain controller; that is, after I change the group policy setting and log in with an account whose password had expired, I still get prompts about it.

Does anyone know for sure either way, or is there something else I'm missing?

Best Answer

Once a password is expired, that is it. They will be prompted to change it, even if you change the group policy. The reason is that the account gets a flag set that says "change password on next login".

You could go into the User & Groups Manager and set the user back to not expired password.
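To see which state an account is actually in, the following added example (not part of the original question or answer) reads the attributes Active Directory uses for this decision: `pwdLastSet` and `userAccountControl` on the user, and `maxPwdAge` on the domain object. It assumes a domain-joined machine with PowerShell 2.0 or later and read access to the directory; the account name `jdoe` is hypothetical.

```powershell
# Added example: report why a domain account is (or is not) prompted to change its password.
param([string]$SamAccountName = 'jdoe')    # 'jdoe' is a hypothetical account name

$DONT_EXPIRE_PASSWORD = 0x10000             # userAccountControl bit: "Password never expires"

# Maximum password age currently stored on the domain object
# (kept as a negative count of 100-nanosecond ticks).
$root = [adsi]''                            # binds to the current domain
$ds = New-Object System.DirectoryServices.DirectorySearcher(
    $root, '(objectClass=*)', [string[]]@('maxPwdAge'), 'Base')
$maxPwdAge = [int64]$ds.FindOne().Properties['maxpwdage'][0]

# The user's password timestamp and account-control flags
$us = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
[void]$us.PropertiesToLoad.AddRange([string[]]@('pwdLastSet', 'userAccountControl'))
$user = $us.FindOne()
if (-not $user) { throw "Account '$SamAccountName' not found" }

$pwdLastSet = [int64]$user.Properties['pwdlastset'][0]
$uac        = [int]$user.Properties['useraccountcontrol'][0]

if ($pwdLastSet -eq 0) {
    # This is how "User must change password at next logon" is stored
    $state = 'Must change at next logon (pwdLastSet = 0)'
} elseif ($uac -band $DONT_EXPIRE_PASSWORD) {
    $state = 'Password never expires (account flag set)'
} elseif ($maxPwdAge -eq 0 -or $maxPwdAge -eq [int64]::MinValue) {
    $state = 'No maximum password age in effect on the domain'
} else {
    # Expiry time = time the password was last set + maximum age
    $expires = [DateTime]::FromFileTimeUtc($pwdLastSet).AddTicks(-$maxPwdAge)
    $state = if ($expires -lt [DateTime]::UtcNow) { "Expired since $expires UTC" }
             else { "Expires $expires UTC" }
}

'{0}: {1}' -f $SamAccountName, $state
```

Running it before and after a policy change shows whether the domain's stored `maxPwdAge` value changed and which branch applies to the account.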