Thanks Charles that is exactly what I was looking for.
From: [email protected] [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Tuesday, December 30, 2014 10:56 AM To: [email protected] Subject: RE: [NTSysADM] FGPP question http://blogs.technet.com/b/askpfeplat/archive/2013/10/07/fine-grain-password-policy-for-active-directory-2008-domain-does-not-apply.aspx "Note: On Windows 8 or Server 2012 Directory Services Administration Center (DSAC.EXE) you will find an option on a user account with a right click for checking resultant password policies. This does not work until the schema is extended to support Windows 2012 domain controllers. The powershell command does work without extending the schema.” So you can use Get-ADuserResultantPasswordPolicy <USERNAME> From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Christopher Bodnar Sent: Tuesday, December 30, 2014 10:21 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] FGPP question We finally have a use case where we need to setup a separate password policy for a group of users. Haven’t done this before, but have read about it. Domain is 2008 R2 DFL/FFL. I used ADAC on a 2012 R2 box to create the PPO and assign it to a group. I tested and it seems to be working exactly as designed. The PPO is assigned to a group currently , not directly to any user accounts. When I right click on a user in the group, and choose “View Resultant password settings” I get the following error: [cid:[email protected]] But if I look at the properties of the group, it correctly shows me PPO that is directly associated to it: [cid:[email protected]] Is this feature only available in 2012 DFL/FFL? Thanks, Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ________________________________ ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
