I have a GPO set to force a password expiration every 90 days. I want to make an exception for one particular user so I checked the box for "password never expires" under their account properties in active directory.
I thought that made sense but today they got a warning that their password would expire in 2 days. What am I missing?
Configuring the setting in GP for the password expiration every 90 days, and then enabling the "password never expires" box on the individual account are 2 different things. The password will still "expire" in AD after 90 days, but the user will not be required to change it when the 90 days are up and will be able to continue to use their existing password.
The reason they are getting reminded is due to another GP setting to remind the users that their password will be expiring in X # of days which is also an independent setting in GP. Configuring the individual account for no password expiration (an AD setting) does not override the GP setting to remind users that their password will be expiring when they log onto a domain computer (a computer configuration setting in GP).