
Active Directory: users can't log in after password expiration

Status
Not open for further replies.

SilentDeb

MIS
Mar 18, 2003
9
CA
Hi there,

Forgive me if this is a stupid question - I'm afraid I'm not a network admin, but our helpdesk gets bombarded with calls because of this and I've been asked to research a solution.

Our AD passwords expire every 90 days (feel free to hiss in horror - we know it's not good, but it's a 'political' issue at our workplace), but we have a vast number of users that log on (to an employee self-service website) only a handful of times in a month-long period PER YEAR.

Of course, their passwords have expired by the time they try to log in, but here's the problem - they can't log in at all to RESET their passwords. Those of us who log in regularly still have the same problem if we ignore the 'your password will expire in X days' notice (if we actually take vacation, for example!) - if our passwords expire, we can't get in until someone else resets the password for us.

My online research and mowing through Microsoft's Active Directory Server book - and indeed, noodling about in AD itself - don't reveal this to be a setting we can control (although I only have partial admin privileges within AD, so I could be missing something). Having read other posts in this forum, it appears that this ISN'T the norm - that normally one can log into an account with an expired password, and just have to reset the password immediately.

What can we do? Does this require some sort of third-party add-in, or is there some setting I can tactfully point the network admins at?

Thanks so much!
 
I know of nothing that allows you to log in after the password has expired to allow you to change it. That would defeat the purpose of having things like expired passwords for security reasons.

 
Once your password has expired you should be presented with a "Change Password" screen when trying to log on. Here you would change your password and then gain access to the machine.
 
I agree with rye8261...
As you stated, a user is prompted to change their password when the password is soon to expire. If a user does not make the change and the password expires, they will not be prompted to change their password, show over...

For users who use shared PCs and/or kiosks we place a network password change link on our intranet. It actually points to the link for changing domain passwords from our OWA server, so it is secure through SSL.
 