Default Domain Policy password policy not working
-
Saturday, 19 January 2013 22:06
In my Server 2008 R2 domain I have a password policy set at the domain level, in the default domain policy, saying that passwords expire every 180 days. 41 days ago I forced a reset of all users' passwords and now everyone is getting a message saying that their password expires tomorrow. When I check the GPO it still says 180 days. When I look at the properties of the domain under AD Users and Computers it says password expires every 42 days, but I thought that only applied to the default domain administrator account. I did try changing that but it resets itself back to 42 days when I refresh. I run rsop and all settings are being applied correctly. When I run net accounts it tells me max password age is 42 days. Any help would be greatly appreciated!!
All Replies
-
Saturday, 19 January 2013 22:22
Do you have fine grained password policy in place? http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspx
Best Regards, Alexander Trofimov
-
Sunday, 20 January 2013 00:08
Are you using fine grained password policies?
Run gpresult /h c:\report.html to see what is actually being applied.
Also you can try GP modeling tool to see which GPO should apply and what is the winning GPO.
-
Monday, 21 January 2013 14:52
Hello,
No, we are not using fine grained password policies at this moment. When running gpresult /h the report lists the default domain policy as being applied to both computer and user configuration.
-
Monday, 21 January 2013 20:24
On 19.01.2013 23:06, Justin.Allen.BU wrote:
> In my server 2008 r2 domain I have a password policy set at the domain
> level, in the default domain policy, saying that passwords expire
> every 180 days. 41 days ago I forced a reset of all users passwords
> and now everyone is getting a message saying that their password
> expires tomorrow. When I check the gpo it still says 180 days. When
> I look at the properties of the domain under AD Users and Computers it
> says password expires every 42 days but I thought that only applied to
> the default domain administrator account. I did try changing that but
> it resets itself back to 42 days when I refresh. I run rsop and all
> settings are being applied correctly. When I run net accounts it
> tells me max password age is 42 days. Any help would be greatly
> appreciated!!

Create an RSoP (through GPMC) on your PDC emulator (!!!) and check what policy is responsible for your PW expiration setting.
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
If my answer was helpful, I'm glad about a rating!
-
Tuesday, 22 January 2013 21:42
I just wanted to update this to say that we have, with help from MS, found a resolution, somewhat...
After a bunch of testing and research we were leaning towards this being a replication issue. No errors or warnings in the event viewer, but if we looked at GPMC and changed which domain controller we were looking at (we have 5) the policy was different on each one. Testing showed that even with a forced replication this stayed the same. So I decided to call MS tech support.
So I spent all morning on the phone with MS tech support; they even remoted in and took a look at my DCs. After looking around and doing a bunch of tests they told me there weren't any problems with replication. I have spent this afternoon testing and that seems to be the case.
On that note, I did watch them quite carefully as they were in there, and there were two things they did. One was to remove the replication connections under NTDS Settings in AD Sites and Services and let them regenerate themselves. Two was they stopped and started the File Replication Service on each DC. I have no idea if one of those was the cause but it is no longer happening, and they told me they didn't know why it happened in the first place.
- Marked as answer by Justin.Allen.BU, Tuesday, 22 January 2013 21:42
- Unmarked as answer by Andy Qi (Microsoft Contingent Staff, Moderator), Friday, 1 February 2013 09:03
- Marked as answer by Andy Qi (Microsoft Contingent Staff, Moderator), Friday, 1 February 2013 09:03
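
The symptom in this thread (GPO set to 180 days, net accounts reporting 42, and GPMC showing a different policy depending on the selected DC) can be checked per domain controller. The script below is an added example, not something posted by anyone in the thread; it assumes the RSAT ActiveDirectory and GroupPolicy modules are available and takes the 180-day value and the GPO name from the question.

```powershell
# Added example: for every DC, compare the max password age it actually holds
# with the Default Domain Policy version counters read through that same DC.
Import-Module ActiveDirectory, GroupPolicy

$expectedDays = 180                      # value configured in the GPO, per the thread
$gpoName      = 'Default Domain Policy'  # GPO named in the thread

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $server = $dc.HostName
    $row = @{ DC = $server; MaxPwdAgeDays = $null; GpoDSVersion = $null
              GpoSysvolVersion = $null; Error = $null
              IsPdcEmulator = ($dc.OperationMasterRoles -contains 'PDCEmulator') }
    try {
        # Domain-wide policy as stored in this DC's copy of the directory
        $policy = Get-ADDefaultDomainPasswordPolicy -Server $server -ErrorAction Stop
        $row.MaxPwdAgeDays = $policy.MaxPasswordAge.Days

        # GPO version counters: DSVersion from AD, SysvolVersion from SYSVOL
        $gpo = Get-GPO -Name $gpoName -Server $server -ErrorAction Stop
        $row.GpoDSVersion     = $gpo.Computer.DSVersion
        $row.GpoSysvolVersion = $gpo.Computer.SysvolVersion
    } catch {
        # An unreachable DC is a finding in itself, so record it and continue
        $row.Error = $_.Exception.Message
    }
    New-Object PSObject -Property $row
}

$cols = 'DC','IsPdcEmulator','MaxPwdAgeDays','GpoDSVersion','GpoSysvolVersion','Error'
$report | Select-Object $cols | Format-Table -AutoSize

# DCs whose effective value differs from the GPO, or whose AD and SYSVOL
# copies of the GPO are at different versions
$suspect = @($report | Where-Object {
    $_.Error -or
    $_.MaxPwdAgeDays -ne $expectedDays -or
    $_.GpoDSVersion -ne $_.GpoSysvolVersion
})

# Differing version counters between DCs mean the GPO has not converged
$dsVersions = @($report | Where-Object { -not $_.Error } |
    Select-Object -ExpandProperty GpoDSVersion -Unique)

if ($dsVersions.Count -gt 1) { Write-Warning "GPO version differs between DCs: $($dsVersions -join ', ')" }
if ($suspect.Count -gt 0)    { $suspect | Select-Object $cols | Format-List }
else                         { Write-Output "All DCs report $expectedDays days and consistent GPO versions." }
```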

