Menu

How to Change or Disable Password Expiration on Domain 2012/2016.

The "Password Expiration Policy" defines the number of days that users can use the same password before it expires. In domain environments, the default password expiration time is 42 days, which means that after that time users must change their password to continue using their computer and access network resources.

This guide contains step-by-step instructions on how to change the default "Maximum password age", or to disable the password expiration policy on a Active Directory Domain 2012/2016. *

* Note: To change the password expiration on Windows 10 & Standalone Server 2016/2012, read this article: How to Set Password Expiration Date on Windows 10 & Server 2016/2012 Standalone Servers.

How to Change or Disable Password Expiration Policy in Active Directory.

1. In Active Directory Domain Controller, open the Server Manager and then from Tools menu, open the Group Policy Management. *

* Additionally, navigate to Control Panel -> Administrative Tools -> Group Policy Management.

Open Group Policy Management

2. Under Domains, select your domain and then right click at Default Domain Policy and choose Edit.

disable password complexity requirements active directory 2016

3. Then navigate to:

  • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy

4. At the right pane, double-click at Maximum password age.

Maximum password age

5. Now check the Define this policy setting and depending on what you want, apply the corresponding action below:

a. To Modify the Number of days before the passwords expires, type for how many days the same password can be used before the user is forced to change it (e.g. to 180 days = 6 months), and click OK.

b. To Disable the Password Expiration Policy, so that the Password Never Expires, set this number to Zero (0) and click OK. (By setting the value to 0, all the domain accounts won’t be required to change password ever).

* Notes: The "Maximum password age" setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999.

image

6. Finally, open Command Prompt as Administrator and give the following command to update the group policy or restart the AD server.

  • gpupdate /force

image

 

 

ADDITIONAL NOTE – HELP:

If you have changed the "Maximum Password Age" as described above, and the policy doesn't apply for a user:

1. Open Active Directory Users and Computers.
2. Select the Users group on the left pane.
3. At the right pane, right-click at the user which the policy doesn't work and select Properties.
4. At Account tab, uncheck the Password never expires option and click OK.

image

 

That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:

We're hiring

We're looking for part-time or full-time technical writers to join our team! It's about a remote position that qualified tech writers from anywhere in the world can apply. Click here for more details.

If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO by clicking below (we do earn a commision from sales generated from this link, but at no additional cost to you. We have experience with this software and we recommend it because it is helpful and useful):

Full household PC Protection - Protect up to 3 PCs with NEW Malwarebytes Anti-Malware Premium!

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php