Password policy changes for domain user accounts can only take affect if they are linked to a GPO at the domain level. I have a short video training session that explains this at www.gpoguy.com/training.htm if you're interested in understanding more.
So, bottom line is that if you're making password complexity changes to domain user accounts, it must be done on a GPO linked at the domain level. Since the Default DC Policy is linked at the OU level, it won't effect anything. Darren Darren Mar-Elia For comprehensive Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO tips, tools and whitepapers. Also check out the Windows Group Policy Guide, a soup-to-nuts resource for Group Policy information. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher Sent: Friday, June 09, 2006 1:59 PM To: [email protected] Subject: [ActiveDir] Password Policy change Hello, When the default domain controller policy is changed in respect to password complexity, length, etc., how long is it before the change takes affect? We have an automated system that is trying to change passwords but is getting bounced back that the password doesn't meet complexity. I changed the policy about 45 minutes ago and it has propogated to all DC's. Any info would be appreciated. Christopher Flesher The University of Chicago NSIT/DCS (773)-834-8477 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
