0

So my AD user password recently expired, and I was surprised because I don't remember being shown a warning a week before like I did previously. I contacted my org's IT and they helped me out, but when I mentioned the lack of reminder to them, they said it hasn't been a thing for at least 2 years. I haven't been working that long at the company, but I'm certain that I did see them before.

Of course I could just be misremembering, but it would be nice to know definitively. So, how can I view notification event history for AD user password expiration?

For reference, this is what the notifications I remember being shown previously look like

Rohit Gupta
  • 2,721
  • 18
  • 27
  • 35
András Ballai
  • 1
  • Your Domain Administrators enable the group policy. It most certainly and absolutely still a thing, your notification, is even a Windows 10 notification. – Ramhound Jul 26 '23 at 12:50
  • Duplicate of https://superuser.com/questions/947947/view-past-notifications-in-windows-10. Windows can keep a very recent notification history, but not much otherwise. You can see if your IT enabled that policy by running `gpresult /h c:\temp\gpresult.html` and searching the file for that policy – Cpt.Whale Jul 26 '23 at 13:59
  • @Cpt.Whale thanks for the answer, I looked at the linked question (this is indeed a dupe of it for the most part), and I couldn't find the notification I remember being shown in the past. I also ran the command you posted but it doesn't show any active group policies. Anyway, thanks! – András Ballai Aug 01 '23 at 12:43

1 Answers1

0

I don't think that a system event is generated to the Event Log by such a reminder.

However, issuing this reminder is a domain option whose default value is disabled. If it's indeed disabled, this will explain why you didn't see this reminder, simply because it never happened.

You might point your IT to the Microsoft article Interactive log on: Prompt the user to change passwords before expiration.

The setting is found in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, and its default domain policy value is "Not defined". One enables it by setting a number of days that is not zero in the field "Begin prompting this many days before password expires".

harrymc
  • 455,459
  • 31
  • 526
  • 924