Guest
The original problem is that I am unable to simply create a GPO with more secure password settings (i.e., Complex Passwords, Minimum Password Age, etc.).
After completing the DomGPOFix.exe repair, which set the Default Domain Policy and the Default Domain Controller Policy back to their original settings, all of the extra (bad) settings that were within the GPOs were removed. Prior to this fix, each of the GPOs contained extra (bad) settings and information that AD and the GPMC did not recognize and stored in either HEX or GUID format when reading from the GPMC. Now, after completing the DomGPOFix.exe repair, all of those settings have been cleaned.
After a lot-a-bit of searching, I found that different parameters are set within ADSI. By opening ADSI and connecting to the domain, I brought up the properties. Within the ADSI Attributes Editor I found different/incorrect parameters the domain keeps defaulting to. I can change the settings within the ADSI Attributes Editor, but I cannot set them to NULL <not set> so that my GPO would have precedence.
After searching on the Web for answers, I attempted several methods to fix this but didn’t get anywhere. Looking through the ADSI Attributes Editor, I found that some of the PWD attributes cannot be set to NULL <not set>.
I am still unable to remove the settings within ADSI Attribute Editor. I am still unable to enforce the new password policy. It keeps defaulting to different/incorrect parameters within ADSI.