Password Policy at a OU Level.

[Guest]

Hi
Can anyone please help me set password policies at a OU Level. We can use Domain Security Policy to set policies for the entire domain. I cannot find how to set password policies at a OU Level
Any help would be appreciated
Thanks
Rami

 

[Cary Shultz [A.D. MVP]]

Rami,

You can not. This is something that is set at the Domain level. Now, do
not misunderstand me. You can set a password policy at the OU level.
However, it will not have the effect that you are after. It will only apply
to any computer account ( the passwords for any local user account ) that
might be located in that OU.

If you want some people to not be affected by the password policy then you
might think about the 'password never expires' check box for those
particular accounts. And this is not going to completely stop the password
policy from applying...

HTH,

Cary

Hi,
Can anyone please help me set password policies at a OU Level. We can use

Domain Security Policy to set policies for the entire domain. I cannot find
how to set password policies at a OU Level.

 

[Joe Richards [MVP]]

This is not something you can generally do, natively not at all. However
depending on the things you are trying to accomplish you can create your own
extensions that will do it for you.

For instance if you want special password length, complexity, history
requirements by OU, you can set up your own password filters, this is fully
documented in MSDN but requires a decent c++ programmer.

If you want special expiration policies you can set up a script that runs
through the OUs and manually expires accounts on time.

Things like lockouts and password required/not required isn't something you can
really do too much about.

joe