I don't have a spare AD environment to test on. This has been my impression for a long time, but I can't verify it beyond saying that the NSA thinks so, too: http://nsa2.www.conxion.com/win2k/guides/w2k-3.pdf
Page 25. > -----Original Message----- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 02, 2003 2:46 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Password Policy > > > Really, > > I was under a different impression. Easy way to test it is > in a small AD > environment. Set it to one day then change the date. > > Todd > > -----Original Message----- > From: Tom Meunier [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 02, 2003 3:27 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Password Policy > > > Hi Travis, > > If I'm understanding correctly, that password policy isn't > going to force > them to all of a sudden change their passwords. It will > commence its expiry > and complexity and history awareness upon subsequent password > change. Don't > sweat it. > > I'm certain someone smarter than me will correct me within a > few minutes, if > I'm wrong. > > You can't set password policies on an OU. They're valid as > domain policies > only. > > -tom List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
