Return
-
Title
How to determine when a users’ password is due to expire. -
Description
If the following command is run against a user, the password expiry date that is returned may not necessarily be the correct date based on all the password policies that the user is scoped to.
# net user /domain
-
Cause
The password expires date that is returned is calculated based on the maximum password age value that is set in the Default Domain Password Policy and not based on any of the policies that are set in Password Manager. -
Resolution
To get the maximum password age value based on all of the password policies that a user is scoped to then the users’ status will have to be viewed via the PMHelpdesk.
The password expires date will be listed under the “Status in Domain” heading.
The date that is returned will depend on whether a user is scoped to one or more password policies and Password Manager will choose the most restrictive date.
To understand how Password Manager determines password policy precedence please see the following KB article.