diff --git a/password_policy.module b/password_policy/password_policy.module
index 7d765812dd..eccb46fa71 100644
--- a/password_policy.module
+++ b/password_policy.module
@@ -551,15 +551,29 @@ function password_policy_cron() {
   $unblocks = array();
   $pids = array();
 
+  // Get all password policy applicable roles.
+  $query = db_select('password_policy_role', 'ppr');
+  $query->fields('ppr', array('rid'));
+  $query = $query->execute();
+  $roles = $query->fetchAll();
+
+  $db_or = db_or();
+  // Apply each role ID as a condition.
+  foreach ($roles as $key => $role) {
+    $db_or->condition('ur.rid', $role->rid, '=');
+  }
+
   // Get all users' last password change time. Don't touch blocked accounts.
   $query = db_select('users', 'u', array('target' => 'slave'));
   $query->leftJoin('password_policy_history', 'p', 'u.uid = p.uid');
   $query->leftJoin('password_policy_expiration', 'e', 'u.uid = e.uid');
+  $query->leftJoin('users_roles', 'ur', 'u.uid = ur.uid');
   $result = $query->fields('u', array('uid', 'created'))
     ->fields('p', array('created'))
     ->fields('e', array('pid', 'unblocked', 'warning'))
     ->condition('u.uid', 0, '>')
     ->condition('u.status', 1)
+    ->condition($db_or)
     ->orderBy('p.created')
     ->orderBy('e.warning')
     ->execute();