Server 2012 - Unable to get multiple Password and Lockout GPO's to apply

Question 1

I have a domain with over 300 users and has users in many different physical locations, but all connected via vpn. I have created a password policy and linked it to all of the appropriate OU's but it is not applying correctly.

For instance, even though I set the password policy to require 12 characters, it is only applying a 6 character length requirement.

Question 2

Up to server 2003 only one password policy is applied. You can set many and link them however you would like, but only the GPO with the lowest GUID will apply.

For domains with a functional level of 2008 or higher, the same holds true for GPO's, but in addition to the GPO you create Password Settings Objects or PSO's. You can create multiple PSO's and they must be linked to user(s) or group(s). PSO's are created from within ADSI Edit.

Microsoft has a great article located at this link: http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx

Usevh25431 · Answer 1 · 2012-10-18T04:00:34+0000

Up to server 2003 only one password policy is applied. You can set many and link them however you would like, but only the GPO with the lowest GUID will apply.

For domains with a functional level of 2008 or higher, the same holds true for GPO's, but in addition to the GPO you create Password Settings Objects or PSO's. You can create multiple PSO's and they must be linked to user(s) or group(s). PSO's are created from within ADSI Edit.

Microsoft has a great article located at this link: http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx

Categories

Server 2012 - Unable to get multiple Password and Lockout GPO's to apply

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer