Solved

GPO not overriding Default Domain policy

Posted on 2013-11-07
Last Modified: 2013-11-07
Scenario:
2008 domain structure. I have a Default Domain policy defining [computer configuration>Policies>windows settings>security settings>password policy>Max password age = 45]
I have an OU created called restricted. I want to have the USERS in that OU have a policy of 30 days. But I want the rest of the settings in the default domain policy to still apply to these users.
I have created the GPO, applied it to the OU, the group policy inheritance tab in Group Policy Management.msc shows the two policies, both are set to Enforce, both are set to Enabled. Precedence 1 is the default domain policy and 2 is the GPO created for that OU. I force AD replication, do a gpupdate /force on the user's workstation, but rsop.msc still shows the 45 days.

If the order of precedence is Local / Site / Domain / OU what would be preventing that GPO from changing it to 30?

Thanks,
chuck
Question by:fcbc
Accepted Solution

by:
oleggold earned 500 total points
ID: 39630724
Expert Comment

by:KCTS
ID: 39630761
You can only have one password policy per domain unless you implement a fine-grained password policy.
0
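The fine-grained password policy mentioned in the comment above, as an added example that is not part of the original thread: it creates a Password Settings Object (PSO) with a 30-day maximum age that copies every other value from the domain policy, because a PSO replaces the domain password settings for its subjects rather than merging with them. A PSO is applied to users or global security groups, not to an OU, so the OU's users are placed in a shadow group; the domain DN, group name and PSO name are placeholders, and the ActiveDirectory module with a Windows Server 2008 or higher domain functional level is assumed.

```powershell
# Added example. All names below are placeholders, not values from the thread.
Import-Module ActiveDirectory

$ouDn      = 'OU=restricted,DC=example,DC=com'   # placeholder DN for the "restricted" OU
$groupName = 'Restricted-PSO-Users'              # hypothetical shadow group
$psoName   = 'Restricted-30Day'                  # hypothetical PSO name

# Read the domain-wide policy so the PSO differs only in maximum password age.
$domain = Get-ADDefaultDomainPasswordPolicy

New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MaxPasswordAge (New-TimeSpan -Days 30) `
    -MinPasswordAge $domain.MinPasswordAge `
    -MinPasswordLength $domain.MinPasswordLength `
    -PasswordHistoryCount $domain.PasswordHistoryCount `
    -ComplexityEnabled $domain.ComplexityEnabled `
    -ReversibleEncryptionEnabled $domain.ReversibleEncryptionEnabled `
    -LockoutThreshold $domain.LockoutThreshold `
    -LockoutDuration $domain.LockoutDuration `
    -LockoutObservationWindow $domain.LockoutObservationWindow `
    -ProtectedFromAccidentalDeletion $true

# Shadow group: a PSO cannot be linked to an OU, only to users or global groups.
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $ouDn

$users = Get-ADUser -SearchBase $ouDn -SearchScope Subtree -Filter *
if ($users) {
    Add-ADGroupMember -Identity $groupName -Members $users
}

Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# Verify per user. A PSO is not a GPO, so rsop.msc does not report it;
# an empty result here means the domain policy still applies to that user.
foreach ($u in $users) {
    $effective = Get-ADUserResultantPasswordPolicy -Identity $u
    [pscustomobject]@{
        User           = $u.SamAccountName
        Policy         = if ($effective) { $effective.Name } else { '(domain default)' }
        MaxPasswordAge = if ($effective) { $effective.MaxPasswordAge } else { $domain.MaxPasswordAge }
    }
}
```

Group membership does not follow OU moves automatically, so the shadow group has to be resynchronised whenever users enter or leave the OU.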
