I am trying to setup/configure FGPP on our Server 2008 DC. After stepping thourgh all of the steps in ADSIEdit when I click Finish receive the error code 0x57 LdapErr: DSID-oC090C3E, comment: Error in attribute conversion operation, data 0,v1db1
Has anyone seen this before. Todd Lemmiksoo On Wed, Jul 16, 2014 at 3:42 PM, Brown, Ken F. <[email protected]> wrote: > Password complexity is determined when they are changing their password. > > > > If they are already logged in (they have Kerberos tickets) – they won’t be > prompted to change it when complexity is enabled. > > > > After complexity is enabled and a user is prompted to change their > password (or does the CTRL-ALT-DEL to change their password before being > prompted) – they will have to pick a password that meets the new criteria > (length, complexity, reuse, etc). > > > > This applies to all users, as the domain policy applies at the root of the > domain so all domain controllers will use it (i.e. you can’t block this > policy for domain accounts). > > > > That being said, if your domain is at 2008 you can use fine grain password > policy (FGPP - > http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspx) to > have different password policies for different users – based upon group > membership (NOT by OU’s!) > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kuehn, Shannon > *Sent:* Wednesday, July 16, 2014 4:31 PM > *To:* '[email protected]' > *Subject:* [NTSysADM] Password Complexity Implementation Questions > > > > Hi all, > > > > Quick questions for the uber skilled (many thanks in advance): > > > > - When implementing password complexity via GPO, what happens to > my users who are logged in with poor passwords? Do they get prompted to > change their password when the GPO refreshes? > > - What will happen to users traveling? Most of my users have a > desktop in the office (authenticated to our AD controllers) and a laptop > they travel with (to access our Citrix environment remotely). When the GPO > refreshes, are they SOL? > > - I intend to flesh out as much as possible before > inconveniencing my users (I promise). The thing I’m having a tough time > figuring out are answers to the above 2 questions. > > > > Any help or ideas you can offer, will be awesome and very much appreciated. > > > ________________________________________ > E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any > attachments are intended solely for the addressee(s) and may contain > confidential and/or legally privileged information. If you are not the > intended recipient of this message or if this message has been addressed to > you in error, please immediately alert the sender by reply e-mail and then > delete this message and any attachments. If you are not the intended > recipient, you are notified that any use, dissemination, distribution, > copying, or storage of this message or any attachment is strictly > prohibited. > > GEM Realty Capital, Inc. and its affiliates and subsidiaries are not > responsible for any recommendation, solicitation, offer or agreement or any > information about any transaction, customer account or account activity > contained in this communication. > -- T. Todd Lemmiksoo
