AD Password Complexity Change Help 1

[goickle]

My company needs to increase our password complexitly requirement. We have 14 branches spreadout over Northern New England. I have a couple of questions. If I change the Domain policy will it prompt all of our users immediately or only when their current 180 days expire? Has anyone tested or verified this?
Our original plan was to do it on a branch by branch basis
Would I be better off removing the current domain password policy and instead set the password policy at the branch OU level? This way we can roll it out on a branch by branch basis.
Thanks for the help.

 

[Roadki11]

They will not get promted to change the password if you make a domain policy password change, they will be required to comply with the new complexity when forced to change though, either by the expiry time frame or by checking the change password at next login on the account. Password policies only work at the domain policy, cant have different policies at the OU level in 2k3, upgrade to 2k8 for that option. You can force a password change by selecting all accounts at the same time in an OU right click and select properties and checking change password at next login.



RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen