Troy-
Pieces of what you want to do can be done natively, other pieces cannot.
Native: You can go through in a given OU and mark accounts for password
change at next login (either via ADU&C or via a script). But not done
via GPO.
Non native: You'll need a 3rd-party tool installed on ALL your DC's.
It basically replaces Microsoft's (I forget the exact term) PASSFILT or
GINA (hooks into the LSASS process). Google should return the vendors
who can provide this software. Will provide many more options than
MIcrosoft's complex password scheme, very granular if you want to go
that route.
We had looked at one of the vendor's tools (when we implemented complex
passwords years ago) - but in our case, it was very expensive (did I say
installed onto EVERY domain controller - we have hundreds!). If you
have only a couple of DC's, then it may not be that big a deal (a few
hundred dollars per DC).
Good luck!
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, January 07, 2008 1:59 PM
To: Active Directory Admin Issues
Subject: GPO for Resetting Passwords
I would like to force a group (in an OU of Active Directory) of
users to key a new password when they logon. Along with that, they
cannot use the previous password.
Can that be done through a GPO?
Thanks...
Troy
Troy Adkins
Network Administrator
Virginia House of Delegates
804.698.1567 (O)
804.771.7917 (F)
~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in
eWEEK Test! ~
~ ~
~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~
~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
