none
Fine Grain Policy not working

    Question

  • Hello, I have created a FGP to our administrative accounts. I have the FGP setup and attached to the admin accounts. If i do a dsget it shows my fpo being applied

      effectivepso
      "CN=IT-Admin-PSO,CN=Password Settings Container,CN=System,DC=domain,DC=com"
    dsget succeeded

    which is set for 30 days but if i do a net user on my account its still showing for 3 months

    Full Name                    Chris Mowers - Elevated
    Comment
    User's comment
    Country code                 000 (System Default)
    Account active               Yes
    Account expires              Never

    Password last set            11/4/2015 11:18:21 AM
    Password expires             2/2/2016 11:18:21 AM
    Password changeable          11/4/2015 11:18:21 AM

    Any ideas of what could be causing this? Domain is set to 2008

    Friday, November 06, 2015 1:23 PM

Answers

  • This is because the "net use" command is unaware of FGPPs, it will only display the password expiration date which is set by the default domain Policy.

    To view the resultant PSO (fine-grained password policy) for users, use Get-ADUserResultantPasswordPolicy from the Active Directory module for Windows PowerShell:

    https://technet.microsoft.com/en-us/library/dd391956(WS.10).aspx


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 09, 2015 9:13 AM
    Moderator

All replies

  • This is because the "net use" command is unaware of FGPPs, it will only display the password expiration date which is set by the default domain Policy.

    To view the resultant PSO (fine-grained password policy) for users, use Get-ADUserResultantPasswordPolicy from the Active Directory module for Windows PowerShell:

    https://technet.microsoft.com/en-us/library/dd391956(WS.10).aspx


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 09, 2015 9:13 AM
    Moderator
  • thanks for your reply. I will check that out today to make sure and will reply back when i can

    Tuesday, November 10, 2015 1:00 PM