Active Directory Group Policy Strange Happenings

  • Active Directory Group Policy Strange Happenings

    I have a network of about 30 Windows XP users using a Win 2000 server with AD. The problem I'm having is that we enabled the password policy yesterday (max password age 35 days and a minimum password age of 30). However, when the policy gets propagated to the user's PC we get a prompt to change the user's password, which is fine; the password is changed. But when the user logs in again he/she is prompted again, with Windows telling us that the password will expire in one day and to change the password. I just don't understand how this could happen: the max password age is set to 35 days and the minimum is set to 30. This policy is applied to only one OU and not to the domain. Any ideas or help will be greatly appreciated, thanks in advance.

  • #2
    Re: Active Directory Group Policy Strange Happenings

    Password policies (together with account lockout policies) do not apply at the OU level, only at the domain (or local policy).
    It doesn't matter what policy is set at OU level, it will never be applied.

    That is one of the major reasons for using multiple domains.

    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Active Directory Group Policy Strange Happenings

      The one thing about applying security policies is that you cannot assign them to OUs. It can only be configured on the domain level. If you want to have different sec settings applied to, for example, different departments, you would need to create another domain.
      What do you have set for "Enforce password history" ?
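
Following the replies' point that only the domain-level policy governs domain accounts, this added example (not part of any post in the thread) parses the English output of `net accounts /domain` and lists where the effective domain policy differs from the values configured in the OU-linked GPO. The sample output is constructed; only the 35/30 day values come from the original question.

```python
# Added example: compare the effective domain password policy with the values
# that were configured in an OU-linked GPO. Labels assume English-language
# `net accounts /domain` output.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
The command completed successfully.
"""  # constructed sample, not output from the poster's domain

FIELDS = {
    "min_age_days": "Minimum password age (days)",
    "max_age_days": "Maximum password age (days)",
    "min_length": "Minimum password length",
    "history": "Length of password history maintained",
}
UNSET = {"none", "never", "unlimited"}  # textual values meaning "not enforced"

# Values from the question: max password age 35 days, min password age 30.
INTENDED_OU_GPO = {"max_age_days": 35, "min_age_days": 30}

def parse_net_accounts(text):
    """Return the password settings found in the output as a dict of ints."""
    policy = {}
    for line in text.splitlines():
        # Split on the last colon: one label itself ends in "?:".
        label, sep, value = line.rpartition(":")
        for key, wanted in FIELDS.items():
            if sep and label.strip() == wanted:
                value = value.strip()
                policy[key] = 0 if value.lower() in UNSET else int(value)
    return policy

def mismatches(intended, effective):
    """List (setting, intended, effective) where the domain policy differs.
    A setting missing from the output is reported with effective=None."""
    return sorted(
        (key, want, effective.get(key))
        for key, want in intended.items()
        if effective.get(key) != want
    )

if __name__ == "__main__":
    effective = parse_net_accounts(SAMPLE_NET_ACCOUNTS)
    for key, want, got in mismatches(INTENDED_OU_GPO, effective):
        print(f"{key}: OU GPO says {want}, domain policy says {got}")
```

Run `net accounts /domain` on a domain member and pass its output to `parse_net_accounts` in place of the sample.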