Problems testiing GPO for password complexity on OU before changing default domain policy

G

Guest

I have a Win2k AD domain in native mode and want to test password complexity on an OU before applying to the entire domain. The complex password policy is applied when I logon to the local machine but not when I logon with a domain user which is a member of the OU and security group within that OU. The machine account is also a member of the OU and the security group I created. How can I apply the policy to the domain account? BTW machine is Win2k Pro

Thanks in advance

Kirk H
 
T

Tim Hines [MSFT]

Account policies are only read at the domain level and you can only have one
password policy per domain. Any policies applied at the OU level will only
apply to the local machine account policy.

See the following for more info

255550 Configuring Account Policies in Active Directory
http://support.microsoft.com/?id=255550

221930 Domain Security Policy in Windows 2000
http://support.microsoft.com/?id=221930



--
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



Kirk H. said:
I have a Win2k AD domain in native mode and want to test password
Click to expand...
complexity on an OU before applying to the entire domain. The complex
password policy is applied when I logon to the local machine but not when I
logon with a domain user which is a member of the OU and security group
within that OU. The machine account is also a member of the OU and the
security group I created. How can I apply the policy to the domain account?
BTW machine is Win2k Pro.
 
M

Mike Aubert

Hi Kirk,

Account policy must be set at the domain level to affect domain accounts. If
Account policy is set at the OU level it will only apply to the local
accounts on workstations affected by the policy.

Mike

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.


Kirk H. said:
I have a Win2k AD domain in native mode and want to test password
Click to expand...
complexity on an OU before applying to the entire domain. The complex
password policy is applied when I logon to the local machine but not when I
logon with a domain user which is a member of the OU and security group
within that OU. The machine account is also a member of the OU and the
security group I created. How can I apply the policy to the domain account?
BTW machine is Win2k Pro.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Security Policy vs. OU specific Policy 1
GPO (OU vs DOMAIN) 1
Password Policy & GPO Settings 14
strong password group policy 2
Password Policy at a OU Level. 2
OU Creation and linking GPO to it 1
GPO and Audit 3
Blocking password policy set at Domain level 5

Top