Announcement

Collapse
No announcement yet.

a user conflict in A.D vs. Policy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • a user conflict in A.D vs. Policy

    i have server 2003 domain controller.
    ive implemented a policy through the default domain policy that forces password policy (min' PWD age 30, max' PWD age 90) for all the ordinary users.
    and enforce PWS history of 12 PWD's, so at min after 1 year,PWD can be repeat..
    i have some users which i granted in their user account that their PWD will never expire, i thought they would be able to change thier own password freely, coz' this setting should overrule the policy.
    nope i want these special user to be able to change their password anytime they please but they're obliged to the default policy that states that only after 30 days they're given the privilege of changing the PWD.
    only when i change the min PWD age to 0 at the defauld domain policy they can change freely but also everyone else which is bad..

    i hope i made myself clear enough
    10x danny

  • #2
    Re: a user conflict in A.D vs. Policy

    Don't password settings apply to the whole domain and not to OU level?
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: a user conflict in A.D vs. Policy

      Chris is right. If you need separate password policies for groups of users, the only way to do it is create another domain.
      Regards,
      Jeremy

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
      www.gma-cpa.com

      Comment


      • #4
        Re: a user conflict in A.D vs. Policy

        but if i configure the special users account that their PWD will never epires ,
        shouldnt that overide the max PWD age.. and if so

        is the option the change the pwd of these users have been denied coz of the min PWD age, that was not overide here??

        10x

        Comment


        • #5
          Re: a user conflict in A.D vs. Policy

          Originally posted by dannydr
          but if i configure the special users account that their PWD will never epires ,
          shouldnt that overide the max PWD age.. and if so

          is the option the change the pwd of these users have been denied coz of the min PWD age, that was not overide here??

          10x
          The "never expire" overrides the max pwd age. Everything else should apply (complexity, history, min pwd age, etc.)
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment

          Working...
          X