?
Solved

How to configure specific password policy for a single OU

Posted on 2013-06-12
5
Medium Priority
?
1,002 Views
Last Modified: 2013-06-13
Hello -

We are running in a mixed mode active directory environment (2003 and 2008 R2 servers).  We have about 20 service account located within 1 OU that we'd like to have a different minimum password age than the rest of the default group policy.  Is there a way to do this?  I'm getting a ton of conflicting info on this topic.  My thought was to block policy inheritance,  somehow get our default settings reapplied to this OU, and then change the one setting i need.

Is there a way?

thanks

-Josh
0
Comment
Question by:MMIC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 39242537
No way to do this via group policy.  Using a GPO there is one PW policy linked at the domain.  When you are at 2008 domain functional level you can implement fine grained password policies

http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

That will allow you to create different policies for users/groups.  FGPP was developed to tackle problems just like yours.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39242546
You can't - you can only have one password policy per domain. - however you can use a fine-grained password policy (assuming you have server 2008), to apply a different policy to a security group

http://akrameleyan.wordpress.com/2013/01/06/why-and-how-to-use-fine-grained-password-policies/
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39243418
0
 

Author Closing Comment

by:MMIC
ID: 39244334
thanks guys, that is what i thought but was hoping you had a magic answer i had missed.  i'll have to wait until i get to a true 2008 environment.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39244355
There are also third party tools like specops that can help in your 2003 domain  I'd save the cash until you get to 2008

Thanks

Mike
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question