On a windows 2008 AD controller how can the maximum password age policy be changed, for all domain accounts?
Set maximum domain password age in Windows 2008
active-directory
Related Topic
- Change domain password from non-domain computer (AD)
- Password Policy seems to be ignored for new Domain on Windows Server 2008 R2
- Security – the rationale for a minimum password age
- Group Policy “Maximum password age” fails to apply
- Password reset fails for end users when minimum password age set for more than 0 days
Best Answer
The default domain policy has some of the password policies set by default. This is where you can set the password policies. see Password Policy and for the new features see Fine grained password policies
Prior to Windows Server 2008, you could have only one password and account lockout policy per domain, which applied to all users in the domain. As something new in Windows Server 2008 AD DS, it is now possible to define different sets of password or lockout policies to different set of users in the same domain.