?
Solved

default domain policy in AD exemptions

Posted on 2016-09-01
3
Medium Priority
?
115 Views
Last Modified: 2016-10-03
1, Is it at all possible in an AD domain to exempt users from the default domain policy, which contains the password policy for all users. I am trying to prove for a compliance audit that all accounts in the domain are subject to this policy.

2, Also via the powershell AD cmdlets, is it possible to export the default domain policy settings?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 41779680
1. Is it at all possible?  
If a user account has "Password not Required" or "Password not Expire" then those user accounts will effectively be 'exempted' from the domain policy in those regards.

Second possibility to use different password policies would be via Fine Grain Password policies...

2. I assume you mean in a human readable format?  Does Get-GPOReport export the GPO in a format you want?  (There's a more generic Get-GPO, which you could then spindle, fold, and mutilate and write in a specific format you wanted... )
0
 
LVL 22

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 500 total points
ID: 41779682
Hi,

Yes, it is possible. What you have to do is, go to gpmc.msc>>Select the Default domain Policy>Select 'Delegation' from right hand side>Click Add to add the appropriate users>Once added, Select the user>click Advanced>select the newly added user>In the 'Apply group policy' make it 'Deny'. So, when the user login next time, the default domain policy won't apply to this user.

In the same page, if you click Settings, you will get all the configured policies in this. Right click and save report as XML format.
0
 
LVL 16

Assisted Solution

by:Carol Chisholm
Carol Chisholm earned 500 total points
ID: 41779688
You can filter group policy by scope (users, groups) or WMI filters (more powerful, more complicated)
gpo filters
Best to export from the GPO menu
GPO-report.jpg
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses
Course of the Month14 days, 8 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question