RE: [ActiveDir] Password Police Question on Forest-ChildDomain relationship

[Rocky Habeeb]

Thanks Jorge,   I just figured that out by virtue of the fact that nothing was defined in the Default Domain Controllers Policy.  Can you answer these questions please? [1]  Why does the Default Domain Controllers Security Policy have a password section? [2]  What happens if you change a setting in it? (ie: who does it apply to?) [3]  If you set a password policy at the empty forest root level, does it flow down to children and set things sans conflict at the child domain?   As always, I appreciate you helpful insight.   RH ____________________________________   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Almeida Pinto, Jorge de Sent: 13 November, 2006 10:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Password Police Question on Forest-ChildDomain relationship What passwords are you talking about? For which accounts?   It will not let you change the password as the policy mentions: “at least 1 day old”   Password policies are not defined in the default domain controllers policy, but in the default domain policy   Cheers, jorge   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: maandag 13 november 2006 15:56 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Password Police Question on Forest-ChildDomain relationship   Dear List readers,   I have a Forest (W2K3 FFL) with an empty root domain and a single child domain (W2K3 FFL).  Today I changed the password on all my servers in the child domain including the domain controllers.  I meant to exclude them but did not.  Now they have the same password as my member servers.  I went to change the password again on the DCs in the child domain, but they will not let me.  "Your password must be at least 8 characters, cannot repeat any of your previous 0 passwords and must be at least 1 days old" is the error I get.  I have a domain policy set for the computers in the domain, which has the complexity specified above as far as characters, but the group policy (default Domain Controllers) for my DCs in the child domain is "Not Defined" in all of the password policy options.  Nor is there anything defined in the Forest Root Default Domain Controllers policy, which I thought might be flowing down to my Child Domain DCs.    I cannot find where the policy might be set keeping me from changing the password in my Child Domain DCs.   Would anyone know where to find that setting?   I would like to reset my Child DCs so their password is different.   Rocky Habeeb Microsoft Systems Administrator James W. Sewall Company Old Town, Maine This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.