R
redbandana
OK, the ADMT password migration doco states:
Verify that the passwords of the source domain user accounts match the
password policy of the target domain.
ADMT cannot verify password policies in the target domain. If the
source user accounts have passwords that violate the password restrictions
(such as minimum length) in the target, then the affected migrated accounts
can log on, but they will be forced to change their password the next time
they log on.
If you have a Group Policy setting on the target domain that does not
allow blank passwords (the Default Domain Policy/Computer
Configuration/Security Settings/Account Policies/Password Policy/Minimum
password length setting is set to any number other than zero), then password
migration will fail for any user who has a blank password. The user will be
forced to change their password the next time they log on.
However, my tests with a stronger domain Account password policy for
INTRAFOREST do not work out that way. All user passwords are synched at
the migration into the target domain. However, when they change passwords,
they must meet the criteria of the target domain's account password policy.
Any feedback from others on this topic?
Thanks, red
Verify that the passwords of the source domain user accounts match the
password policy of the target domain.
ADMT cannot verify password policies in the target domain. If the
source user accounts have passwords that violate the password restrictions
(such as minimum length) in the target, then the affected migrated accounts
can log on, but they will be forced to change their password the next time
they log on.
If you have a Group Policy setting on the target domain that does not
allow blank passwords (the Default Domain Policy/Computer
Configuration/Security Settings/Account Policies/Password Policy/Minimum
password length setting is set to any number other than zero), then password
migration will fail for any user who has a blank password. The user will be
forced to change their password the next time they log on.
However, my tests with a stronger domain Account password policy for
INTRAFOREST do not work out that way. All user passwords are synched at
the migration into the target domain. However, when they change passwords,
they must meet the criteria of the target domain's account password policy.
Any feedback from others on this topic?
Thanks, red