Domain Security Policy Question

Jerry · Jan 7, 2004

I have a domain level security policy that specifies the
password length should be 5 characters. I want to create
an OU policy that specifies the password length should be
10 characters.

Which policy will take affect?

I know that in general, policies work down from local,
site, domain, OU. However, I thought I read somewhere
that domain security policies are the exception.

Is this true?

Thanks in advance.

Jerry

Richard Moreno · Jan 7, 2004

Hi Jerry-

There is an exception and it pertains only to any and all account policies
in AD: They apply to the entire domain and nothing less. Therefore you
cannot alter the password length requirements for any account unless you
create a child domain (or any separate domain).

--
Thanks,
Richard Moreno
MCSE NT4\2000, MCSA 2000

This posting is provided "AS IS" with no warranties, and confers no
rights.

\Richard McCall [MSFT]\ · Jan 7, 2004

You are correct. Password policies have to be changed in the Default Domain
Policy.

Deji Akomolafe · Jan 7, 2004

You can not. If you need multiple password policies, you need multiple
domains.

HTH
Deji

Domain Security Policy Question

Jerry

Richard Moreno

\Richard McCall [MSFT]\

Deji Akomolafe