I have one Windows 2003 DC. I don't understand how the Password Policy GPO works. there seem to be many places to configure password policy such as Default Domain Policy, Default Domain Controller Policy, User OU policy, AD Site Policy...
it seems to me the passwork policy only honor at Domain level, which is Default Domain Policy. I created an OU policy called AccountingGPO, set higher account security, but doesn't work. by the way, after every changes I made on the domain controller, I ran gpupdate command to refresh all policies.
How to make my OU account password policy work?
and further to this, what will affect if I change Password Policy in a Domain controller policy? domain controller doesn't even have local user account exist!