I have a W2k parent domain with 2 identical child domains. I implemented Account Policies on each domain at the domain level. I placed the new policy at the top of the policy list. Parts of the policy work and others do not. Users in the parent and one child domain never get prompted to change their passwords, but in the other child domain they do.
The following settings are definitely working in all domains: Account Lockout Threshold, Reset account lockout counter after, Minimum password length.
Account Policies are 'not defined' on the OU that contains the computers that should be affected by the domain policy.
In other words.....
Domain level - Account Policies are configured
Computer OU level - No Account Policies configured, but other settings are configured for these computers.
Does anyone have any ideas as to why the Maximum Password Age would only work in one domain?
Any suggestions are appreciated.
The following settings are definitely working in all domains: Account Lockout Threshold, Reset account lockout counter after, Minimum password length.
Account Policies are 'not defined' on the OU that contains the computers that should be affected by the domain policy.
In other words.....
Domain level - Account Policies are configured
Computer OU level - No Account Policies configured, but other settings are configured for these computers.
Does anyone have any ideas as to why the Maximum Password Age would only work in one domain?
Any suggestions are appreciated.
