Hi Travis, If I'm understanding correctly, that password policy isn't going to force them to all of a sudden change their passwords. It will commence its expiry and complexity and history awareness upon subsequent password change. Don't sweat it.
I'm certain someone smarter than me will correct me within a few minutes, if I'm wrong. You can't set password policies on an OU. They're valid as domain policies only. -tom > -----Original Message----- > From: Travis Riddle [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 02, 2003 2:09 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Password Policy > > > I made a slight error when creating a group policy, and now > need some advice on how to fix it. Hopefully some one will > be kind enough to help out. I have a single domain with 2 > sites. I created a Default Policy for the entire domain with > fairly minimal settings (such as password policy, proxy > settings and a few IE settings). Our manufacturing facility > is our largest site, and our corporate offices is > significantly smaller, so instead of applying one policy > several times I set block policy inheritance for the > corporate OU (so they wouldn't get the Proxy and IE > settings). I then set password settings on the separate > corporate OU. Well, I guess I didn't realize at the time > that you could only have one password policy for the domain, > so basically they haven't had to change their passwords for > some time now. > > So here is the problem, I need to enable the password policy > for corporate, but if I do I think it will immediately expire > their passwords (since they are well over 90 days old). Is > my thinking wrong here, and is there a way around this or am > I going to have to call the corporate guys and have them > manually change their passwords? Any ideas?> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
