Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Applied Complex Passwords to Group Policy under Active Directory ???

Status
Not open for further replies.
ftoddt

ftoddt

Technical User
Apr 26, 2003
180
0
0
US
I wanted to force complex passwords on a certain group of users under active directory. When I right clicked on that group and select properties there is a group policy in there and I changed the setting to complex password. I thne added in the properties of each user that they would have to reset their password. That part worked but the complex or number of letters hasn't seem to work it way down to the users. What have I missed?
Thanks
 
Sort by date Sort by votes
You can only set account policies at the domain level. When you make the change to the password policy, their old passwords will still work until they are set to expired. Then they would have to meet the complexity requirements.
 
Upvote 0 Downvote
You can only set password policy at the root level- in other words the policy has to be attached to your domain. All password policies set on OU's are ignored.
 
Upvote 0 Downvote
jcneil 1 & mawilson,
Thanks for your responses. I am unfamiliar with the acronym of OU's. You said "All password policies set on OU's are ignored". If OU's are the various user groups and their assciated group policy in their properties, then from what you are saying, only by selecting the properties of the domain and its group policy can you influence client password requirements. However, that doesn't make sense not to have the ability to make policy changes appropriate for each group of users.
In my domain, I have a group called teachers in active directory. Under that group each teacher is added as a user. Another group called Office with each office staff user added in active directory. And another group called Students. It would make sense to require complex passwords for teachers and staff who have more premissions and privleges than students that have none.
So therin lies my problem.
It sounds like I can't do it.
 
Upvote 0 Downvote
Yes OU's (Organizational Units) are the groups in the domain. And yes everyone in the domain has the same password requirements. That is the way MS designed it. I have run into that wall before also.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
53
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
128
goombawaho
goombawaho
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
105
microsGuy16
microsGuy16
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
50
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top