When there are users in password-invalid account lock state, relaxing a password character string restriction may release some users from the password-invalid account lock state. Before changing password character string restriction, make sure it is acceptable to release these users from the password-invalid account lock state.
The following is the procedure for identifying the users who will be released from the password-invalid account lock state:
Care must be exercised in strengthening one restriction while relaxing another restriction. For example, a user may attempt to change a password before the implementation date in order to avoid violation of a new restriction. However, the user may not be able to make the change because it violates the current restriction. In such a case, the password must be changed so that it satisfies both the current and the proposed restrictions.