Re: DumpSec Password Age

A Microsoft function, NetUserModalsGet, is used to get the policy information. Hyena also uses this function. You need to verify your other policies, as Microsoft has made a mess of overlapping policies: there is one for the domain and another one for a domain controller. Its unclear whith policy this function is reporting to you, if any.

Re: DumpSec Password Age

This might not be your case, we had this happen when changing the number of incorrect logons that would lock your account. It kept getting over written to the old value. Though we didn't know it at the time.
Found a DC that was not replicating correctly. It would over write what we were trying. So you may want to ensure your DC's are replicating correctly.

Re: DumpSec Password Age

Thanks all for the input, passing it on as well. I don't normally work this side of the house, they are just stumped so trying to assist them. Its odd in that the 60 days shows that its replicated out to all the DC's via dumpsec; however, when you look in the group policy editor for any of them it appears as 30.

I firmly believe Dumpsec report is correct as when you look at the times for password resets for users they are scheduled for 60 days.

I mentioned to our admin to try and change it from 30 to say 45 and just see how/if it replicates.

Thanks again.