In a simple domain structure it is common to create OU's for users and others for computers. Some do it by location, or in your case you could do it by department.
One of the primary reasons for OU's and segregating objects is to allow separate control and configuration of the objects in the...
Server 2003 does not allow mixed password policies so it is the same for all users and you can't change that.
Did you do a RSOP on the user's machine? That is where you should see the "Account Policies/Password Policies" set and which GPO set it (Default Domain Policy probably).
99% of the time it is a bad password but you need to find out where it is being used. It can be from another machine the user uses occasionally and forgot about, where he mapped a drive to another machine using credentials (password) that has now changed. Each time the machine needs to refresh...
Our domain security policy already forces passwords to be changed every xx days and that does not appear to affect their ability to set the passwords to never expire.
I am still puzzled that there is not a documented way to deny just that ability.
Excuse my ignorance, but I don't see how this allows me to deny my account admins the ability to set the "passwords never expire" option. I need them to create and manage accounts in their OU, but not be able to set passwords to never expire.
No, they are account admins who only create accounts for their OU. We do not allow user accounts with passwords that do not expire, but I am finding some here and there that are being set that way.
Can anyone tell me if I can deny the permission to set a password to never expire? I want to prevent certain people from changing the "password never expires" account setting.
I am trying to track LDAP activity in my Windows Server 2003 AD environment, queries, changes, etc. Is anything logged anywhere? Any tools available for this?
I would like to add a few custom templates to my delegwiz.inf, however I am having trouble finding enough information.
I have already read article 308404 "How to customize the task list in Delegation Wizard". If that is the best there is then we are lost.
It does not explain where to locate...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.