expiring passwords for only for a a single OU not the hole domain

[LP]

We have a single W2003 domain structure

I want to enforce 90 days password experation only on one of the OU. Is it
possible? if not how can I expire all passwords manually on a single OU
without going to each user?
thank you,
LP

 

[Jerold Schulman]

We have a single W2003 domain structure

I want to enforce 90 days password experation only on one of the OU. Is it
possible? if not how can I expire all passwords manually on a single OU
without going to each user?
thank you,
LP

It is not possible. Password policy is domain wide.

See tip 7785 in the 'Tips & Tricks' at http://www.jsiinc.com
set -mustchpwd to yes.



Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Danny Sanders]

FYI

If the resources on your domain are such that it is appropriate to have
strong/complex passwords on that domain, setting an OU with weaker passwords
would amount to you the admin creating a security hole in your domain.

A hacker would not waste their time trying to hack into your domain by
cracking an account with "strong" password settings when there are "weak"
accounts on the same domain they want access to.

hth
DDS W 2k MVP MCSE

 

[JB]

Cant be done by OU but can be done by groups. Check out this vendor.

http://www.altusnet.com/passfilt/


It works great.

 

[Joe Richards [MVP]]

That is a password filter. It can't change the expiration policy, it controls
password complexity.