Re: Password Policy
- From: Meinolf Weber
- Date: Sat, 29 Mar 2008 13:04:38 +0000 (UTC)
Hello DonnaJabbeliborg@xxxxxxxxxxxxxxxxxxxxxxxxx,
If you have different settings between old and new DC's, it seems fro a replication problem between the DC's. So check replication first.
From another posting.
If you don't have the support tools installed, install them from your server install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"
**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time.
If you download a gui script I wrote it should be simple to set and run (DCDiag and NetDiag). It also has the option to run individual tests without having to learn all the switch options. The details will be output in notepad text files that pop up automagically.
The script is located on my website at http://www.pbbergs.com/windows/downloads.htm
Just select both dcdiag and netdiag make sure verbose is set. (Leave the default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
Description and download for dnslint
http://support.microsoft.com/kb/321045
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Is this a default policy? The policy is Max password age 42, min
password age 1, min password lenth 0, password history 24.
I have a Password policy in the Default Domain Group Policy. If you
RSoP, it shows the policy as it should, but the passwords expire every
30 days and the policy it uses is the one above. This has been the
case every since we installed the new DC's. Any ideas? We have never
had the policy above any where and I've looked for it every where I
can think of. The only way I can make it change is to check never let
password expire.
Regards,
DJ
.
- References:
- Password Policy
- From: DonnaJ@abbe-lib.org
- Password Policy
- Prev by Date: Re: folder redirection wierd outcome
- Next by Date: RE: Screen Saver with GP
- Previous by thread: Password Policy
- Next by thread: Re: Can't change "Access this computer from the Network" Group Policy!
- Index(es):
Relevant Pages
|
Loading
