Password Policy

Create a Domain Password Policy linked to Default Domain Controller OU. However, users can set password without the special characters. I want to enforce it as it is a compliance requirement. Why is it not forcing. AD is windows 2012 R2.
shamnadAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
The password policy needs to be linked to the domain root (and applied to the DCs), not the DC OU.
Alessandro ScafariaInfrastructure Premier Field AdministratorCommented:
These articles my inspire you in troubleshooting your issue:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27223216.html

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_25348105.html

This is the code to run in order to report your active GPOs and see if you really linked them properly.....

Gpresult /h report.html /f

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
senthilkumar BaluCommented:
This would be Bestway you can achieve is to enfore password policy settings in Default Domain policy.

This will help to achieve the password complexity to all users in domain even if some users placed in certain OUs where block inheritance is set.
oBdACommented:
senthilkumar Balu,

first off, it's best practice to leave the Default Domain Policy empty, and create dedicated GPOs for whatever you want to achieve.
And the regular Password Policy is a Computer policy; it can't be blocked for users, full stop.
The Password Policy has to be linked to the domain root, and it has to apply to the DCs. Once this is implemented, no combination of enforcement, blocking, OU nesting, whatever, will exclude a single AD user from having this policy applied.
The only way to have different password policies on user level is to use fine grained password policies.
Creating fine grained password policies through GUI Windows server 2012 “Server 8 beta”
http://blogs.technet.com/b/meamcs/archive/2012/05/29/creating-fine-grained-password-policies-through-gui-windows-server-2012-server-8-beta.aspx
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.