• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 54
  • Last Modified:

Search all GPO's for a setting

I have inherited an AD domain and I'm currently trying to figure out what was setup  ( pretty much EVERY security and Best practices violation exists here!!)  Currently I'm trying to find which GPO  (there are 20) has the setting for password complexity.  I should be able to find it but I haven't found a GPO with this setting turned on. It's really odd.  I'm probably just missing it somewhere,  but there should be a way to search all the GPO's in the domain for this setting ( assuming it wasn't done at the local machine level!!)are there any good tools (I'd prefer NOT to use powershell if I can)

thanks
0
pcmm
Asked:
pcmm
  • 3
  • 2
  • 2
  • +2
1 Solution
 
helpfinderIT ConsultantCommented:
in GPO management console you can check each GPO for settings they affecting (in the right pane under Settinfs tab)
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
You can search your domain in the GPMC.  Under domains, you will see your domain name. Right click on it and select search.
0
 
helpfinderIT ConsultantCommented:
or try Search option in GPO management with search criteria like this

gpo_search
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Mike KlineCommented:
Also take an RSoP report for a computer/user in the domain and it should tell you where the setting is being applied from.

Password settings are special as they have to be linked at the domain level.  

Thanks

Mike
0
 
pcmmAuthor Commented:
Thanks,  I've done that,  odd thing is that I get results but none of them have any password complexity rules turned on, yet my domain requires it!
0
 
helpfinderIT ConsultantCommented:
on the computer you assume that GPO is applied check local GPO for such a settings
0
 
pcmmAuthor Commented:
Sorry for the delay getting back.  I've searched in the group policy editor,  I've searched local policies,  I've tried GPRESULT /z .... and nowhere can I so far find any settings that suggest Password complexity is turned on,  but each time I try to change passwords,  I get that familiar password complexity error ( If I don't use a password that complies)  I've never seen anything like this before!  any further ideas?
0
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Try the powershell script in the second part of this page:

http://deployhappiness.com/searching-gpos-for-that-specific-setting/
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now