GPO setting not being enforced

Posted on 2007-10-11
Medium Priority
Last Modified: 2012-06-21
I have a Windows 2003 Server Active Directory domain.  I have two group policies which I apply domain wide.

I had initially enabled password expiry, but them shortly after removed it.

For some reason, now, users are still getting prompted that their password is to expire even though no GPO has this feature enabled.

I have run gpupdate /force on a machine and also used SpecOps AD extension to run gpupdate /force on all machines in the domain.

Any suggestions would be greatly appreciated
Question by:pgp4privacy
LVL 11

Expert Comment

ID: 20061289
The first thing to note, which you may already know, is that an Active Directory domain can only have one password policy and it applies to all users.  You can't stop it applying to certain users or only apply it to certain users.  It also must be defined in a GPO linked to the root of the domain. (see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx#EMD for more info).

Try running 'gpresult /v' from one of the PCs.  This will show you the GP settings that are in force on that PC which might help identify where the password policy is coming from.

Accepted Solution

Barca earned 750 total points
ID: 20071417
once you have enabled password expiry policy...and users a/c password status will then be expiried...

try to set users password will never expiry.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question