Password policy won't take effect

[wvgirl64]

I need to test the password policies on a few select users (max duration, min duration , set length, complexity, etc). So I created a new OU and moved one user into it. I created a new GPO for that OU, which includes enabling the above password policies. However, when I log that user on, I can change the password to anything I want, it doesn't seem to be affected by the policy. I gave it plenty of time to replicate. The group policy for my regular Users group does not have any such policies defined. What step am I missing? Is this an inheritance problem?
Thank you for any advice.

 

[Tom70]

When defining password policies are you going into the local security policies or domain security policies? And if you are applying policies to the domain you must remember that:

"One big note about password, account lockout, and Kerberos group policies: They are applied at the domain level only. Domain controllers will receive their settings from domain-level account policies and will ignore the settings in policies linked to OUs. In fact, you’ll see an error in the Event Log if an OU-level policy contains these settings. So unfortunately, you still can’t make administrator types change their passwords more often than everyone else does (not without a big stick, anyway)."

Quoted from Mastering Windows 2000 server.

Hope this helps, if not I will be happy to offer more assistance.

 

[wvgirl64]

I am going into AD Users and Computers, right clicking on the OU I created, properties and then Group Policy. My default domain policy has password length and duration configured, but not complexity. I was trying to test the complexity with just a few users to see how much confusion it caused, before going domain-wide with it. So, I can't do that, is that what you are telling me?
Thanks again for your advice.

 

[Tom70]

No, you have to apply policy to the domain. I confirmed this with the director of networking at my college.

Glad to help.