How to apply fine grained password policy to an OU RRS feed

  • Question

  • I have an OU called TestOU-1. Now I want to apply fine-grained password policies to all the users in TestOU-1. I know fine grained policies can be applied to global security groups and users only. But I heard of shadow groups through which fine-grained policies can be applied to an OU. 

    How do I create a shadow group for TestOU-1. I know how to create a fine-grained policy. After creating it, what should be the value of msDS_PasswordAppliesto. Is it the DN of the TestOU-1 or the shadow group that I created. Also, do I have to create a global security group before creating a shadow group for the OU? 

    Thanks and Regards, Radhakrishnan

    Monday, June 18, 2012 10:42 AM


  • In global security group we can have member from any OU who need to be covered under FGPP where as shadow group is a group used to have all the users from particularity department like finance or sales guy in one group & it is automated to either add or delete the group membership automatically using scripts(powershell or vb-script) or schedule task.

    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, June 18, 2012 11:42 AM

All replies