“Password Expiration Policy” specifies the number of days users can use the same password before it expires. In domain environments, the default password expiration is 42 days, after which users must change their passwords to continue using their computers and accessing network resources.
This guide provides step-by-step instructions on how to change the default “Maximum Password Age” or disable the password expiration policy in an Active Directory 2012/2016 domain. *
*Note: Read this article to change password expiration on Windows 10 and standalone Server 2016/2012: How to set password expiration on Windows 10 and Server 2016/2012 stand-alone servers.
How to change or disable the password expiration policy in Active Directory.
1. Open Active Directory Domain Controller Server Manager and then from Tools open the menu Manage Group Policy. *
* Also, go to Control Panel -> Administrative tools -> Manage Group Policy.
2. under Domainsselect your domain and then right click at Default domain policy and select Editing.
3. Then go to:
- Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policies
4. Double click on the right panel Maximum password age.
5. Now check the Define this policy setting and do the following depending on what you want:
a. To whom Change the Number of days before passwords expireenter how many days the user can use the same password before they have to change it (eg 180 days = 6 months) and click OK.
b. To whom Delete the Password Expiry Policy, Set this number so that the password never expires Zero (0) and press OK. (By specifying a value 0, all domain accounts are never required to change their password).
*Notes: “Maximum password age” setting specifies the time (in days) a password can be used before the system prompts the user to change the password. You can set passwords to expire after 1 to 999 days.
6. Finally, open it Command line as administrator and issue the following command to update the group policy or restart AD server.
ADDITIONAL NOTE – HELP:
If you have changed the “Maximum Password Age” as described above and this policy does not apply to a user:
1. Opening Active Directory Users and Computers.
2. Select Users group in the left panel.
3. In the right pane, right click on the user that is not running the policy and select Characteristics.
4. At Account tab, remove the mark the Password never expires select and click OK.
That’s it! Let me know if this guide helped you by leaving a comment about your experience. Please like and share this guide to help others.