andybogard
asked on
cannot restore old settings of "password must meet complexity requirements"
HI Experts,
I ENABLE the "password must meet complexity requirements" on one of our AD servers, after 8 hours I decide change it back to DISABLED, its been 2 weeks the settings of theses server did not take effect... I already try GPUPDATE /FORCE on all AD servers still no use... all my user is complainning, may i know how to restore the settings?
Help is really appreciated
Thanks
I ENABLE the "password must meet complexity requirements" on one of our AD servers, after 8 hours I decide change it back to DISABLED, its been 2 weeks the settings of theses server did not take effect... I already try GPUPDATE /FORCE on all AD servers still no use... all my user is complainning, may i know how to restore the settings?
Help is really appreciated
Thanks
ASKER
HI gpriceee
Still no effect.... could you please advise us other alternative?
Thanks Experts!!!
Still no effect.... could you please advise us other alternative?
Thanks Experts!!!
ASKER
HI gpriceee
is the reboot of the servers required? does the GPUPDATE / FORECE will do the work? or Reboot is needed?
Thanks Experts!!!
is the reboot of the servers required? does the GPUPDATE / FORECE will do the work? or Reboot is needed?
Thanks Experts!!!
No reboot is needed.
If you do a gpresult on the workstations, when was the latest policy applied?
Are you testing from more than one workstation?
Do you have another GP in the workstation OU?
If you do a gpresult on the workstations, when was the latest policy applied?
Are you testing from more than one workstation?
Do you have another GP in the workstation OU?
ASKER
HI gpriceee
we have GP in the workstation OU, the blocked inheritance is disabled ... so we expect the effect to replicate, but sadly it didnt.
Its been 2 weeks .... I already try GPUPDATE /FORCE on all Servers since last week.
Thanks Experts!!!
we have GP in the workstation OU, the blocked inheritance is disabled ... so we expect the effect to replicate, but sadly it didnt.
Its been 2 weeks .... I already try GPUPDATE /FORCE on all Servers since last week.
Thanks Experts!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Group Policy is Replicated to Domain Controllers.
Running gpupdate /force on a server only works for updating Group Policies that have been assigned to the servers. Hopefully, you have Servers in their own OU, separate from the Workstation OU.
Once you change the Group Policy, if you want a quick result, force replication among Domain Controllers. Then, run gpupdate /force on a workstation/s.
What really should help you the most here is the combination of using the Group Policy Results Wizard and the gpresult command. That way, you'll know that the workstation expects to receive what the Domain Controller attempts to apply.
Just a thought . . . .
Somewhere along the way, have you adjusted the security settings on the policies?
On the Domain Controllers, is the File Replication service running?
Running gpupdate /force on a server only works for updating Group Policies that have been assigned to the servers. Hopefully, you have Servers in their own OU, separate from the Workstation OU.
Once you change the Group Policy, if you want a quick result, force replication among Domain Controllers. Then, run gpupdate /force on a workstation/s.
What really should help you the most here is the combination of using the Group Policy Results Wizard and the gpresult command. That way, you'll know that the workstation expects to receive what the Domain Controller attempts to apply.
Just a thought . . . .
Somewhere along the way, have you adjusted the security settings on the policies?
On the Domain Controllers, is the File Replication service running?
ASKER
HI
Yes, File Replication service running
Our default GP refresh is every 2 hours, we already check one user's policy the password complexity is disabled, but this user gets a complexity requirements when he changes his password.
Thanks Experts!!!
Yes, File Replication service running
Our default GP refresh is every 2 hours, we already check one user's policy the password complexity is disabled, but this user gets a complexity requirements when he changes his password.
Thanks Experts!!!
ASKER
HI Expert!!!
anyone has idea on our problem?
Thanks Experts!!!
anyone has idea on our problem?
Thanks Experts!!!
why dont u leave the policy as NOT DEFINED(dont check anything) and see if that would solve ur problem...
I'm waiting for your response as to what the results of the comparison of the Group Policy Results Wizard and the gpresult command at a workstation.
In the meantime, you could adjust the security settings of the Group Policy causing the issue, and deny read to everyone.
In the meantime, you could adjust the security settings of the Group Policy causing the issue, and deny read to everyone.
ASKER
Guys,
Its been a weeks ... still no ... positive result ...servers replicate all policy
Thanks Experts!!!
Its been a weeks ... still no ... positive result ...servers replicate all policy
Thanks Experts!!!
ASKER
HI Experts!!!
Thanks !!!!!
more power
Thanks !!!!!
more power
Check your default domain policy, and change the settings there:
Computer Configuration \ Windows Settings \ Security Settings \ Account Policies/Password Policy
Go to Active Directory Sites and Services.
Under Default-First-Site-Name --> Servers
Click on the + sign next to each server. Click on NTDS Setings.
In the right-hand pane, right-click the object, and choose Replicate Now.
Do that for all servers.
Then, go to a workstation, open a cmd prompt, and use the gpupdate /force again.
Reboot.
Check the password.