|
Mike-
Its a common question. There is currently only one *domain*
password policy supported per AD domain. It does not have to be set in the DDP
but it does have to be set on a GPO that is linked to the domain (if you have
more than one, then the highest in the list wins). So you can't create separate
policies for different user groups if those users are domain accounts. What you
can do is have separate account policies for local member server or
workstation SAM-based accounts, but that isn't what you're asking, is
it?
Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Wednesday, January 18, 2006 4:51 PM To: [email protected] Subject: [ActiveDir] Accout policy Sorry for the
newbie question…. So is it true
you can only apply an account policy, for example a password policy to change
passwords every 90 days only to the default domain policy?
I need to
change my policy setting per groups for password expiration, ex finance, HR,
etc, for compliance. I thought I
could apply a password policy per OU for each
group… Am I wrong?
Thanks Mike
|
- [ActiveDir] Accout policy Mike Hogenauer
- RE: [ActiveDir] Accout policy Darren Mar-Elia
- RE: [ActiveDir] Accout policy Mike Hogenauer
- RE: [ActiveDir] Accout policy Jonathan Watts
