This is a great reason to upgrade to 2008. Fine grained password policies would allow you to assign different password policies for different groups of folks all in the same domain. however, all DC's would need to run 2008, as the domain functional level would need to be Server 2008. You can still have 2003 member servers.
http://technet.microsoft.com/en-us/library/cc770394%28WS.10%29.aspx -A On Thu, Jul 29, 2010 at 8:53 AM, McKay, Curtis <[email protected]> wrote: > If you can avoid multiple domains I would. We had a forest with 3 domains > when this network was created, but then built one large one from scratch > last summer and migrated. Any setup with 3rd party products that support > ldap authentication start to get really messy when there’s multiple > domains. Example, since we had 3 domains, we had to have 3 openfire servers > for instant messaging. Openfire supports ldap auth against at most 2. 2 > servers would have been more confusing than 3 for our purpose. Once we went > to one domain, we went down to one openfire box. Cymphonix, same thing. > Had to load 3 different AD agents into the content filter for it to work. > > > > Having a domain trust is going to require additional servers and if we’re > talking additional boxes, might as well put 2008 on them and upgrade the > current domain. That’s the technical fix. Explanation of the technical > gotcha to the administration might go nowhere but you could try. > > > > Curtis McKay > > Network Administrator > > Belleville Township High School District 201 > > [email protected] > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Ben Story > Sent: Thursday, July 29, 2010 7:32 AM > To: Tech-Geeks Mailing List > Subject: Re: [tech-geeks] Password Restrictions - Windows 2003 Server > > > > What about making an overarching forest in AD with two domains (that trust > each other). Then staff would just need to login as say > [email protected] to use the same machines as the kids. > > On Thu, Jul 29, 2010 at 7:29 AM, Tom Wilson <[email protected]> wrote: > > Currently our network is Windows based with our servers being 2003. In the > past, our K-3 students have had accounts, but no passwords. I had staff and > grades 4-8 set a password of 5 chars and just didn’t tell them that it would > accept blank passwords. I had to do it this way since 2003 server won’t > allow more than one password policy per domain. I am now being instructed > to put strong password policies on the staff accounts. In order to do this, > it would mean that all our students, including K-3 students, will have to > somehow learn an 8 char password with 3 of 4 letters, numbers, caps, > symbols, and then change it every 60 days without repeating the same > password 6 times. I just can’t fathom how a K-3 student will be able to do > this on their own. If you have a 2003 environment, how do you handle the > younger students passwords? Is there a way to somehow make a 2003 domain > accept more than one password policy? > > > > Thanks, > > > > Tom Wilson > > Technology Coordinator/ > > Network Manager > > District 50 Schools > > Washington, IL > > (309) 745-9531 > > > > > > | Subscription info at http://www.tech-geeks.org | > > > -- > -- > Ben Story > CCSP, CCNA, CCNA Wireless, CCDA > [email protected] > > "You cannot escape the responsibility of tomorrow by evading it today. -- > Abraham Lincoln > > | Subscription info at http://www.tech-geeks.org | > -- "Don't ask yourself what the world needs. Ask yourself what makes you come alive and then go do that. Because what the world needs is people who have come alive." -Dr. Howard Thurman ****************************** Aaron Keith Hackney [email protected] Cell 210.325.2196 ****************************** | Subscription info at http://www.tech-geeks.org |
