• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 27
  • Last Modified:

Fine Grained password policy will not allow groups to be assigned to it.

Hey Guys,

I set up a password policy in Active directory.  Our domain is native 2012 r2 functional level.

I can assign users to the policy under the "Directly Applies TO" section.

However, I cannot apply it to a group.  I get an error that the group object cannot be found even though it does.  When I enter a partial name, it only lists user objects even though user and group objects are both checked.  I have tried from the root of the directory as well as the container that the group is located in.

Has anyone else seen this behavior and know what the fix is?
0
horsemenl
Asked:
horsemenl
  • 4
1 Solution
 
horsemenlAuthor Commented:
A quick update.

What is weird is that I can go to the Password Settings Container under Active Directory Users and Computers and add the DN of the group under the attribute msDS-PSOAppliesTo.

Does anyone else see groups when trying to apply the password policy under the Active Directory Administrative Center?
0
 
horsemenlAuthor Commented:
Another update:

Even though I added the group to the msD-PSOAppliesTo attribute, it does not work.  It only works on individual users, so my initial issue is still in play.
0
 
horsemenlAuthor Commented:
I have included a screenshot of the error

Screenshot of the error
0
 
horsemenlAuthor Commented:
I found the resolution.

Our groups are Universal and you can only apply FGPP to Global groups.  I changed the group to Global and then was able to apply it normally.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now