Our experience with ADMT v2 (beta) matched what Jorge said...source passwords did not have to meet the target requirements when migrated, but the next time the migrated user changed passwords the new ones did have to meet the target requirements. I'm not sure if this has changed in later versions of ADMT.
Hunter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Wednesday, March 23, 2005 7:51 AM To: [email protected] Subject: Re: [ActiveDir] Enabling Password must meet complexity requiremen ts On Wed, 23 Mar 2005 14:49:51 +0100, Jorge de Almeida Pinto <[EMAIL PROTECTED]> wrote: > When password complexity is enabled: > * If you migrate a user from a source domain to the domain with > password complexity (length, complex, etc.) enabled the password does > not need to meet the password policy in the DDP GPO (when using ADMT, > and also some other third party products do this, the password hash is > copied so that the target DC cannot verify it the actual password meets the password policy.). > After the user has been migrated and if the option (which by default > is checked is you use ADMT) that the user must specify a new password > at next logon, that new password must meet the complexity requirements > in de password policy in the DDP GPO I don't know about ADMT and I'm still getting stuff running on my new laptop so I can't test it right now, but with NetIQ (and Quest too I believe, but it's been a while since I used it) the target domains password policy has to be equal to or more simple than the source domains password policy. If the targets policy is more complex the password copy will fail and a random complex password will be generated (depending on the options you chose when setting up the migration project). I would be surprised if ADMT was able to get around this, I would expect that when ADMT tried to enable the user it would get an error that the password didn't meet complexity. Phil List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
