Re: Active Directory Domain Policy



There are rumours that we will have a solution next year.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Harj wrote:
Hi,

If you have strong programming skills you can create your own password
filter.
There is no "out of the box" solution for multiple password policies
within a domain, and believe me, you are one of a large number of
organizations that are realizing this limitation of one password policy
and are scratching their heads figuring out the next step.
The best practice of creating a completely new domain just for this sole
purpose does not cut it for everyone looking for a solution.
There are third-party solutions out there that allow you multiple
password policies within a single domain as well as controlling
password age on a per-policy basis with no additional hardware
required.

Password Filters

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/password_filters.asp

Good luck

Harj Singh
Password Policy done right
www.specopssoft.com






Joe Richards [MVP] wrote:
Currently Windows only allows a single domain password policy.

If you set policy on OUs, the policy will apply to the member machines
local to that OU and any IDs that exist on those member machines. Domain
IDs will be unaffected.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


CAMC1 wrote:
Hi,

We have an Active Directory Domain Policy with which I want to enforce password
expiration, remembered passwords, and so on.
But I want certain users and/or Exchange mailboxes to be excluded from this
policy.
Instead of forcing a domain-wide policy, if I create another OU, move all
users that are to be part of this policy to the new OU, and implement it at the
OU level, is there anything wrong with doing it this way?

Is there a better way to approach this issue?

Thanks
MC


