• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 390
  • Last Modified:

Correctly Applying Password Expiry GPO in Exchange 2003

We need some clarification on the correct way to apply a Password policy against users in Active directory in Exchange 2003.

we are in a situation where we have an existing policy expiring password at 90days etc applied at...

           <sustrans OU>
                     <computers OU> *Here*

This seems to be designed to effect all AD users so their password expires at 90 days, and some complexity settings.

Why do you apply a password policy against computers, rather than users?

We have a scenario where by we need to apply a test GPO where passwords expire everyday, weve applied this test GPO to an OU where the original GPO is not inherited and placed a test pc within.


Which policy expires my user password? In theory the test laptop has is going to tell me that password is expired tomorrow, but my desktop which is in the <computers OU> doesn't think the password will expire until it reaches the age limit of 90 days.
1 Solution
Mike KlineCommented:
The policy that is linked at the domain level is what applies to user accounts.   A policy linked at the OU level only applies to local accounts on that computer.

In  2008 Domain functional level and higher Microsoft introduced fine grained passwords to help deal with this issues (can link PSOs to different users/groups).

In 2003 not much you can do natively to have different policies.  There are some third party tools that can help if you want different policies.


Will SzymkowskiSenior Solution ArchitectCommented:
What Mike has said is correct. The only way you could create another password policy in 2003 AD is if you created a child domain and use this domain as your "test" domain". You can then create policies in this domain and they will not affect the production forest root domain. I would consider this if you have no future plans to move to 2008 or higher.

Hope this helps
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now