Link to home
Start Free TrialLog in
Avatar of Indie101
Indie101

asked on

Issue with applying password policy to default domain policy

Quick query on a new password policy for a customer 70 users, only 10 have been prompted for password change

This is at applied at default domain policy and domain level (environment is small so default policy has been edited)

Any best way to change password age policy in powershell, gpresult, etc just looking to get this sorted

Appreciate any best troubleshooting steps to look at this
Avatar of oBdA
oBdA

For the default password policy to work, the GPO defining it has ...
* to be linked to the Domain Root
* to apply to the Domain Controllers (so no blocked inheritance for the Domain Controllers OU!)
You need to look at gpresult or a GPMC report for the Domain Controllers, not for the clients.

Note: small or not, best practices are the same: you should leave the default domain policy alone and create your own GPOs. Always.

If you're looking into more granular settings, you need Fine-Grained Password Policies:
Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD
https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad/
does your query is to force all users to change there password?
Avatar of Indie101

ASKER

Thanks so I should just run a gpmc report on the domain controller and that will tell which users the policy is being applied to?
ASKER CERTIFIED SOLUTION
Avatar of oBdA
oBdA

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks will check that out