Upcoming Webinar - Learn How to Be Cyber-Smart for This Year's Cybersecurity Awareness Month Register Now

How to Notify Active Directory Users When Their Password is About to Expire

by Josh Van Cott

We get it, changing your Active Directory password regularly is a bit of a pain. Wouldn’t it be much easier to have just one password for everything, instead of having to remember a new one every few months?

Unfortunately, you simply cannot afford to allow password complacency to become a habit.That is exactly what attackers are looking for.

As an IT Administrator, it is your job to ensure you have an appropriate means of reminding users when their passwords are due to expire.

In this article we will take you through the steps needed to remind users when their passwords are due to expire using the native method.

Step 1: Open Group Policy Objects Editor Console

To do this, simply go to Start – Run and then type in gpedit.msc and click Ok.

Step 2: Explore Security Options

In the Group Policy Objects editor, go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options.

Step 3: Choose the Policy for Password Notifications

Now you need to select the policy named “Interactive Logon: Prompt user to change password before expiration”. The current security setting is enabled to a default figure of 14 days.

Step 4: Modify the Security Setting

Right click on the policy and modify the setting accordingly. You can adjust the number of days to your own liking.

Once complete, users will get a warning message that will say something similar to the following whenever they connect to the domain:

Your password will expire in 5 days. Do you want to change it now?

The Drawbacks of Native Password Reminders

Annoyingly, these types of password reminders are only useful if you have users that regularly log out of their accounts. If users prefer to lock their accounts and unlock them when they use them, they will not see the warning messages and their password may expire without their knowledge.

It would be much simpler if you could remind your users that their passwords are due to expire by email…

How Lepide Password Manager Helps

Lepide Password Manager (part of Lepide Data Security Platform) is able to send fully customizable, automated emails to users that notify then when their password is due to expire. Follow up notifications can be sent if your users fail to change their passwords the first-time round.

You can also use Lepide Password Manager to limit the amount of helpdesk calls due to expired passwords by generating a list of users with soon to expire passwords. You can then follow up with those users manually to ensure they get their passwords changed on time.

Comprehensive reports on soon to expire passwords, logon failures, password changes and more can be viewed from one consolidated platform – the simplest way to automate password expiration notification. Check this article to know how Lepide Password Manager works. Reduce helpdesk calls and improve your password security with Lepide. Start a free trial of the platform today.

Try Lepide Password Manager