Default Domain Policy Question

[Nut Cracker]

Hello All,

I have a situation where the Default Domain Policy (DDP) is configured for
passwords to expire in 90 days. I have an OU full of service accounts that I
dont want to be subject to that policy.

How do I go about creating an exlusion from the DDP for this OU ? I am told
that I can oly set the password policy at the DDP level, so Im kinda in a
lurch here.

Thank you for any light you can shed on this.

- NuTs

 

[Danny Sanders]

Enable the "password never expires" attribute on each service account.

For security reasons you should manually change their passwords
periodically.

hth
DDS W 2k MVP MCSE

 

[Cary Shultz [A.D. MVP]]

Nut cracker!

Take a look around in this news group - as well as in the Active Directory
news group! The Password Policy is set at the domain level and affects
everyone or no one! The only way to have user account objects not affected
by this Password Policy is to move them to another domain.....But that is
not really going to resolve your situation.

And I always set a Password Policy within the Domain Security Policy ( which
is a subset of the DDP anyway... ).

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Nut Cracker]

Thank you for the response.

This setting was already there foreach account, but they expired just the
same. I cant have that happen again.

- NuTs

 

[Danny Sanders]

That setting *should* prevent the password for that account from expiring. I
know for a fact it works in Win 2k. If you are running Win 2k there is
something more going on.

Not sure what it is.

DDS