Avatar of sustrans
sustransFlag for United Kingdom of Great Britain and Northern Ireland asked on

Correctly Applying Password Expiry GPO in Exchange 2003

We need some clarification on the correct way to apply a Password policy against users in Active directory in Exchange 2003.

we are in a situation where we have an existing policy expiring password at 90days etc applied at...

<Domain>
           <sustrans OU>
                     <computers OU> *Here*

This seems to be designed to effect all AD users so their password expires at 90 days, and some complexity settings.

Why do you apply a password policy against computers, rather than users?

We have a scenario where by we need to apply a test GPO where passwords expire everyday, weve applied this test GPO to an OU where the original GPO is not inherited and placed a test pc within.

MY QUESTION IS...

Which policy expires my user password? In theory the test laptop has is going to tell me that password is expired tomorrow, but my desktop which is in the <computers OU> doesn't think the password will expire until it reaches the age limit of 90 days.
Windows Server 2003Active DirectoryExchange

Avatar of undefined
Last Comment
Will Szymkowski

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Mike Kline

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Will Szymkowski

What Mike has said is correct. The only way you could create another password policy in 2003 AD is if you created a child domain and use this domain as your "test" domain". You can then create policies in this domain and they will not affect the production forest root domain. I would consider this if you have no future plans to move to 2008 or higher.


Hope this helps
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes