I am trying to enforce password policy for a Domain. (Enforce Password
expire very 90 days and minimum 6 characters etc) I am running Windows 2003
AD. But here is the problem, most of the existing users password are more
than 90 days old which mean their accounts will expire right away as soon as
I enable password policy becasue AD will look at the time stamp of pwdLastSet
My question if it is possible to reset the pwdLastSet attribute value to
certain date. I searched around and found there are two value to set ( 0 and
-1). 0 will make users to change password at next logon but I do not want to
do that. I would hope I can reset to today date or pre-define date.
Another question is what happen to service account that keep running on
background every minute (But they never login from the console). Are those
account expire immediately while running from the background or not affect
until a user login at the console?