Correct, that's what I meant by "accounts that they authenticate". When I log into the domain from a domain computer, the actual computer I'm using is not the one doing the authenticating.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 02, 2005 7:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

Scott,

Just to be clear (re: OU Password policy, etc), this only applies when a user logs onto a local user account on that machine - and not when a user logs into the domain from that machine. Yes?

Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, Scott
Sent: Tuesday, August 02, 2005 2:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

> o I dislike the fact that pw policies aren't OU specific (I'm sure I'm
> the ONLY one <grin>)

Actually they are OU specific in that the machines in the various OUs will require accounts that they authenticate to follow their password policy. Seems to me the issue is that they're applied to a machine rather than to a user.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Holme
Sent: Tuesday, August 02, 2005 12:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

o I dislike the fact that I cannot delegate a "move object" without also delegating the ability to DELETE that object.

o I dislike the fact that it isn't simple to create 'event sinks' to monitor/audit specific actions in AD.

o I dislike the fact that pw policies aren't OU specific (I'm sure I'm the ONLY one <grin>)

o I dislike the fact that downlevel logon names must be unique and I can't turn support for downlevel names off once my 'world' is all Win2K and later... because that means, from a *practical* perspective, that user and group CNs must also be unique. Once I have all Win2K and later clients, I'd like to be able to have a Managers group in the Sales OU and a Managers group in the Finance OU without having to have long nasty group naming conventions like Sales_Managers and Finance_Managers; or do something heinous like have the downlevel name and the CN be *different*.

o I would like saved queries to be saved in AD

o I REALLY REALLY REALLY would like query-based group membership

Wow ... I feel so much better now!

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/