Solved

default domain policy in AD exemptions

Posted on 2016-09-01
3
79 Views
Last Modified: 2016-10-03
1, Is it at all possible in an AD domain to exempt users from the default domain policy, which contains the password policy for all users. I am trying to prove for a compliance audit that all accounts in the domain are subject to this policy.

2, Also via the powershell AD cmdlets, is it possible to export the default domain policy settings?
0
Comment
Question by:pma111
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 250 total points
ID: 41779680
1. Is it at all possible?  
If a user account has "Password not Required" or "Password not Expire" then those user accounts will effectively be 'exempted' from the domain policy in those regards.

Second possibility to use different password policies would be via Fine Grain Password policies...

2. I assume you mean in a human readable format?  Does Get-GPOReport export the GPO in a format you want?  (There's a more generic Get-GPO, which you could then spindle, fold, and mutilate and write in a specific format you wanted... )
0
 
LVL 21

Assisted Solution

by:RK
RK earned 125 total points
ID: 41779682
Hi,

Yes, it is possible. What you have to do is, go to gpmc.msc>>Select the Default domain Policy>Select 'Delegation' from right hand side>Click Add to add the appropriate users>Once added, Select the user>click Advanced>select the newly added user>In the 'Apply group policy' make it 'Deny'. So, when the user login next time, the default domain policy won't apply to this user.

In the same page, if you click Settings, you will get all the configured policies in this. Right click and save report as XML format.
0
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 125 total points
ID: 41779688
You can filter group policy by scope (users, groups) or WMI filters (more powerful, more complicated)
gpo filters
Best to export from the GPO menu
GPO-report.jpg
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question