I imagine that you could also create additional domain-level password policies, and deny the "apply group policy" security right to the objects you don't want the policy to affect. That way, you'll still be able to have domain policies for users in those OUs.
There are also more robust password-compliance packages available for purchase. Avatier is one that I remember hearing positive reviews. http://www.avatier.com/ -tom > -----Original Message----- > From: Travis Riddle [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 02, 2003 3:20 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Password Policy > > > I think I will give it a test by creating a new OU and > setting block inheritance, moving one of the users over then > taking it off. I will let you know how it works out. If > that doesn't work I may just bite the bullet and send them an > email telling them that sometime next week they will be > required to change their password on login (I can just run a > small script to set that attribute the accoutns in that OU). > I don't know that my director will be to happy with a request > for password hacking software :). Thanks for the replies > everyone, ill update on what happens. > > Travis List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
