I'm confused as to why the 512 UAC flag is making anybody think that passwd_notreqd is set. A setting of 512 indicates a normal account. 544 would indicate a normal account with passwd_notreqd set.
Laura > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, September 06, 2006 2:19 PM > To: [email protected] > Subject: Re: [ActiveDir] Strange password issue > > Tom, I believe that the passwd_notereqd does in fact override the DDP. > > Jason Centenni | The Capital Group Companies | Location: > SNO | Extension: 44843 > Outside: 210-474-4843 | Cell: 210-385-5932 | E-mail: > [EMAIL PROTECTED] > [ Mailing: 3500 Wiseman Blvd. San Antonio, TX 78251-4321 > USA ] > > > > > > > > > "Tom Kern" > > <[EMAIL PROTECTED] > > > > To > > [email protected] > Sent by: > cc > [EMAIL PROTECTED] > > ail.activedir.org > Subject > Re: [ActiveDir] > Strange password > issue > > 09/06/2006 12:09 > > PM > > > > > > Please respond to > > [EMAIL PROTECTED] > > tivedir.org > > > > > > > > > > This is a domain account. > > To rehash- > > The Default Domain Policy is set to min password length- 6 charcters. > This was created 2 years ago and never changed. > User account is a domain account created a month ago. > It was bought to my attention that the user can log in with > no password. > I confirmed. > The userAccountControl attribute of the user object was set > to 512(not that i'm certain if setting the passwd_notreqd > overrides the DDP). > The domain/forest is at w2k3 FL. > > Thanks > > > > On 9/6/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote: > Impossible/irrelevant. If it's a domain account, the policy applies > regardless, because the account is stored in AD. If it's a > local account, > then the policy doesn't apply regardless; domain account > policies don't > apply to local accounts. Is this a local account or a > domain account? > > Laura > > > From: [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Wednesday, September 06, 2006 11:44 AM > To: [email protected] > Subject: Re: [ActiveDir] Strange password issue > > > If you mean before the policy was set up, then, no. > This policy has been in effect for a couple of years and > the account was > created a month ago.. > > Maybe the PC is not getting the Default Domain Policy? > > > > > On 9/6/06, Williams, Robert > <[EMAIL PROTECTED] > wrote: > Tom, > > > > > > This is just a stab in the dark but is it possible that this user's > password was set prior to the Default Domain Policy being > in effect? > > > Robert Williams > > > > > > From: [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Wednesday, September 06, 2006 9:39 AM > To: activedirectory > Subject: [ActiveDir] Strange password issue > > > > > > I'm having this weird issue where I have a user account > who is able to > log in with a blank password. > > > The Default Domain Policy is set to a min password length of 6 > characters. > > > The userAccountControl on the user is set to 512. > > > > > > The Domain is at win2k3 DFL and FFL. > > > > > > Is there any other way besides a migration tool like Quest > that could > circumvent this policy and allow blank passwords? > > > > > > Thanks > > > 2006-09-06, 11:32:05 > The information contained in this e-mail message and any > attachments may > be privileged and confidential. If the reader of this > message is not the > intended recipient or an agent responsible for delivering it to the > intended recipient, you are hereby notified that any review, > dissemination, distribution or copying of this > communication is strictly > prohibited. If you have received this communication in > error, please > notify the sender immediately by replying to this e-mail > and delete the > message and any attachments from your computer. > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
