asked on

Password policy on AD OU

Hi,

I have an issue on applying a password policy. Basically, I have 2 types of users: office and production, that are divided in several OU's. The office users should have a strong and changing password, the production users must have a simple and permanent password.

I had assigned the password policy to the OU's of the office users, but this didn't work. Only the password policy and complexity rules (which was set to disabled) of the domain policy applied. Also, setting the password policy on the OU and not configuring a domain password policy didn't work.

Therefore, I set the password policy on the domain, but now I cannot create new users for production without the complexity requirements. What should I do?

Brian Pierce

Password and account policies cannot be set at the OU level - only at the domain

SOLUTION

Pete Long

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

wouteravi

ASKER

Thanks. I don't create users every week or every month. Is disabling the domain password policy before creating the user an option? The password policy is a seperate gpo on root level.

Pete Long

no the policy is refreshed anyway so that will not work in a 2003 environment one password policy only my friend sorry :(

Brian Pierce

Well yes you could (and run gpupdate/force to apply it), but it's going to get messy.

ASKER CERTIFIED SOLUTION

Brian Pierce

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial