Solved

How to configure specific password policy for a single OU

Posted on 2013-06-12
5
965 Views
Last Modified: 2013-06-13
Hello -

We are running in a mixed mode active directory environment (2003 and 2008 R2 servers).  We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy.  Is there a way to do this?  I'm getting a ton of conflicting info on this topic.  My thought was to block policy inheritance,  somehow get our default settings reapplied to this OU, and then change the one setting i need.

Is there a way?

thanks

-Josh
0
Comment
Question by:MMIC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39242537
No way to do this via group policy.  Using a GPO there is one PW policy linked at the domain.  When you are at 2008 domain functional level you can implement fine grained password policies

http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

That will allow you to create different policies for users/groups.  FGPP was developed to tackle problems just like yours.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39242546
You can't - you can only have one password policy per domain. - however you can use a fine-grained password policy (assuming you have server 2008), to apply a different policy to a security group

http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39243418
0
 

Author Closing Comment

by:MMIC
ID: 39244334
thanks guys, that is what i thought but was hoping you had a magic answer i had missed.  i'll have to wait until i get to a true 2008 environment.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39244355
There are also third party tools like specops that can help in your 2003 domain  I'd save the cash until you get to 2008

Thanks

Mike
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question