Windows 2008 Domain Password Policy not working

[Mulan]

I made the following settings in a Windows 2008 Domain. Computer Configuration -> Policies -> Windows Settings - Settings> Security -> Account Policies. And the Set is:

Complexity requirements: Disabled
Password History: 6 Passwords
Encryption. Disabled
Maximum Password Age: 32 days
Password length: 8 characters
Minimum Password Age: 31 days

However, do not act the changes. The user must never change a password. It comes a few days earlier, not the message that their password expires. Or I am just a reflection errors has been a while ago where I have defined a password policy.

[Warner]

A similar but GPO is already configured. The option can be found in the security options of the Default Domain Policy Interactive Logon: User before the end of the password to change the Password prompt. The default value is 14 days. Although I set your values for "Minimum and Maximum password age" unfavorable think. Is in your user accidentally runs the option "Password never end" in the properties of the user account enabled??

[Adler]

We would you adjust the minimum and maximum values? This is of course a matter of taste or depending on the company policies. I will always minimum password age to zero, otherwise a user is not before it could change their password set days when needed. What you have for your clients because in use? Can You with "rsop.msc see" whether the Default Domain Policy on the client / user arrives at all? If the Default Domain Policy may inadvertently deactivated or possibly been moved?

[Vitus]

I think the explanation is quite simple. You have to after you've changed the password policy, all users to ask to change their password. When password changes then take over the user accounts, the current settings of the DefDomPol. Times you grab a test user and change the password. Then you will see that this user must then change their password every 30 days good.