Password Policy GPO in Windows 2003

[Mike Towan]

I have a colleague who just attended training and says that you can now
apply password policies at the OU level in Win2003 AD rather than having it
be at the Domain level in Win2k AD. Can anyone confirm or deny this? I
hadn't heard of this change, but it would be a nice change!

Mike

 

[Guest]

All domain controllers in the domain must abide by the same password policy.
There is no rule that a DC has to stay in the domain controllers container.
That is why it must be defined at the domain level. You can setup the
password policies at an OU level in W2k/3 but it will only effect the local
policy of the computers in that container.
This would be pretty easy to test, if you were so inclined.