expiring passwords for only for a a single OU not the hole domain

  • Thread starter Thread starter LP
  • Start date Start date
L

LP

We have a single W2003 domain structure

I want to enforce 90 days password experation only on one of the OU. Is it
possible? if not how can I expire all passwords manually on a single OU
without going to each user?
thank you,
LP
 
We have a single W2003 domain structure

I want to enforce 90 days password experation only on one of the OU. Is it
possible? if not how can I expire all passwords manually on a single OU
without going to each user?
thank you,
LP
Click to expand...
It is not possible. Password policy is domain wide.

See tip 7785 in the 'Tips & Tricks' at http://www.jsiinc.com
set -mustchpwd to yes.



Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
FYI

If the resources on your domain are such that it is appropriate to have
strong/complex passwords on that domain, setting an OU with weaker passwords
would amount to you the admin creating a security hole in your domain.

A hacker would not waste their time trying to hack into your domain by
cracking an account with "strong" password settings when there are "weak"
accounts on the same domain they want access to.

hth
DDS W 2k MVP MCSE
 
That is a password filter. It can't change the expiration policy, it controls
password complexity.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO security settings not applied 4
Default Domain Policy Question 4
GP do not take effect 4
Password Policy and AD 2
Default Domain Policy 2003 7
Complex password policy - service accounts 1
Password Policy 2
Group Policy Not Being Applied?? 11

Back
Top