I work in a company that users haven't had to change passwords for at least 8 years. We're about to turn on a fine grained password policy modeled after http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/ and I am hesitant to do so because there will be no warning and all the users passwords that are older than a year will automatically expire.
I have a PowerShell script that emails users 30 days before their password expires and gives them directions to change their passwords - but this obviously won't work the first time the policy is turned on. I would like to turn on the password policy but make it not take effect for 15 days as a grace period and to have our PowerShell script kick off emails to help them change password.
What am I missing here?