Password Expiry - AD Mixed Mode.

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

I'm trying to get the 'maximum password age' to work.
I have set it to 90 days, however when I run 'net user myuser /domain' ....
'Password expires' is shown as never.
I tried setting it on one of the NT 4 servers using 'User Manager',
'Policies', 'Accounts' and then ran 'net user myuser /domain' and it
correctly shows my password as expired with a date.

Also some other interesting things I noticed, on my Windows 2000
workstation, in control panel, Administration Tools, Local Security Policy I
see the maximum password age enforced by policy of 90 days.

However on the Windows 2000 Active Directory servers in control panel,
Administration Tools, Local Security Policy, I see the default maximum age
of 42 and NO enforced password policy.

It seems that the 'maximum password age' policy does not work in Mixed mode?
Can anyone confirm this?
 
Guest

To apply password policies you must do it through either
the default domain controllers policy, or by applying a
separate GPO to the domain controllers OU. The reasoning
behind this is that the policy applies to the SAM database
which is housed by domain controllers.

Adoyt

>-----Original Message-----
>I'm trying to get the 'maximum password age' to work.
>I have set it to 90 days, however when I run 'net user myuser /domain' ....
>'Password expires' is shown as never.
>I tried setting it on one of the NT 4 servers using 'User Manager',
>'Policies', 'Accounts' and then ran 'net user myuser /domain' and it
>correctly shows my password as expired with a date.
>
>Also some other interesting things I noticed, on my Windows 2000
>workstation, in control panel, Administration Tools, Local Security Policy I
>see the maximum password age enforced by policy of 90 days.
>
>However on the Windows 2000 Active Directory servers in control panel,
>Administration Tools, Local Security Policy, I see the default maximum age
>of 42 and NO enforced password policy.
>
>It seems that the 'maximum password age' policy does not work in Mixed mode?
>Can anyone confirm this?
 
Guest

Ahh I see.
I set it in the 'Default Domain Policy'.
I will set it in the 'Default Domain Controllers Policy' and see how that
goes.
Thanks!

"adoyt" <adoytnospam@inventrix.net> wrote in message
news:e3e501c43c7e$5dd7dbf0$a401280a@phx.gbl...
> To apply password policies you must do it through either
> the default domain controllers policy, or by applying a
> separate GPO to the domain controllers OU. The reasoning
> behind this is that the policy applies to the SAM database
> which is housed by domain controllers.
>
> Adoyt
>
> >-----Original Message-----
> >I'm trying to get the 'maximum password age' to work.
> >I have set it to 90 days, however when I run 'net user myuser /domain' ....
> >'Password expires' is shown as never.
> >I tried setting it on one of the NT 4 servers using 'User Manager',
> >'Policies', 'Accounts' and then ran 'net user myuser /domain' and it
> >correctly shows my password as expired with a date.
> >
> >Also some other interesting things I noticed, on my Windows 2000
> >workstation, in control panel, Administration Tools, Local Security Policy I
> >see the maximum password age enforced by policy of 90 days.
> >
> >However on the Windows 2000 Active Directory servers in control panel,
> >Administration Tools, Local Security Policy, I see the default maximum age
> >of 42 and NO enforced password policy.
> >
> >It seems that the 'maximum password age' policy does not work in Mixed mode?
> >Can anyone confirm this?
 
Guest

Tried this and the maximum password age is never again.
Please clarify where it should be set... In the "Domain Controller Policy",
"Domain Security Policy", "Local Security Policy" in Control Panel on the
Domain Controller?
Or "Default Domain Policy" in the "Domain Controllers" OU in "Active
Directory Users and Computers"?

"Peter Cronwright" <nospam.peter.cronwright@spotless.co.nz> wrote in message
news:%2329yIXIPEHA.3016@tk2msftngp13.phx.gbl...
> Ahh I see.
> I set it in the 'Default Domain Policy'.
> I will set it in the 'Default Domain Controllers Policy' and see how that
> goes.
> Thanks!
>
> "adoyt" <adoytnospam@inventrix.net> wrote in message
> news:e3e501c43c7e$5dd7dbf0$a401280a@phx.gbl...
> > To apply password policies you must do it through either
> > the default domain controllers policy, or by applying a
> > separate GPO to the domain controllers OU. The reasoning
> > behind this is that the policy applies to the SAM database
> > which is housed by domain controllers.
> >
> > Adoyt
> >
> > >-----Original Message-----
> > >I'm trying to get the 'maximum password age' to work.
> > >I have set it to 90 days, however when I run 'net user myuser /domain' ....
> > >'Password expires' is shown as never.
> > >I tried setting it on one of the NT 4 servers using 'User Manager',
> > >'Policies', 'Accounts' and then ran 'net user myuser /domain' and it
> > >correctly shows my password as expired with a date.
> > >
> > >Also some other interesting things I noticed, on my Windows 2000
> > >workstation, in control panel, Administration Tools, Local Security Policy I
> > >see the maximum password age enforced by policy of 90 days.
> > >
> > >However on the Windows 2000 Active Directory servers in control panel,
> > >Administration Tools, Local Security Policy, I see the default maximum age
> > >of 42 and NO enforced password policy.
> > >
> > >It seems that the 'maximum password age' policy does not work in Mixed mode?
> > >Can anyone confirm this?