Avatar of Indie101
 asked on

Issue with applying password policy to default domain policy

Quick query on a new password policy for a customer 70 users, only 10 have been prompted for password change

This is at applied at default domain policy and domain level (environment is small so default policy has been edited)

Any best way to change password age policy in powershell, gpresult, etc just looking to get this sorted

Appreciate any best troubleshooting steps to look at this
PowershellActive DirectoryTroubleshooting

Avatar of undefined
Last Comment

8/22/2022 - Mon

For the default password policy to work, the GPO defining it has ...
* to be linked to the Domain Root
* to apply to the Domain Controllers (so no blocked inheritance for the Domain Controllers OU!)
You need to look at gpresult or a GPMC report for the Domain Controllers, not for the clients.

Note: small or not, best practices are the same: you should leave the default domain policy alone and create your own GPOs. Always.

If you're looking into more granular settings, you need Fine-Grained Password Policies:
Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD

does your query is to force all users to change there password?

Thanks so I should just run a gpmc report on the domain controller and that will tell which users the policy is being applied to?
Your help has saved me hundreds of hours of internet surfing.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Thanks will check that out