We help IT Professionals succeed at work.
Get Started

fine grained password policy not working

Last Modified: 2012-10-01
My fine grain password policy is not working. I went through the step by step guide here:  fine grain password setup. I then researched and went through the following steps to figure out why it isn't working.

1. dsget user <User-DN> -effectivepso
    a. This didn't do anything except for give me dsget succeeded reply

2. Checked Domain function level by going to Ldp.exe and connecting to my Domain Controller
    a. It says 3= (WIN2008) next to domainControllerFunctionality

3. Tried adding user to Active Directory group and then add the group to the fine grain password policy in ADSI but this also didn't do anything.

4. I have checked the msDS-PSOAppliesTo
    a. This is set correctly. It has my user and group there

5. I have changed the msDS-PasswordSettingPrecedence to 1
    a. This didn't make a difference

My domain controller is a Windows 2008 64bit machine. After all this I am still having problems with my test user. This user still is under the default password policy and not my new one.
Watch Question
Top Expert 2012
This problem has been solved!
Unlock 1 Answer and 17 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE