RE: [ActiveDir] Strange password issue

[albertduro]

If it's a local account, then the policy doesn't apply regardless;
domain account policies don't apply to local accounts.

maybe I misundarstand what you're saying, but this is not my experience.
More than once I've yanked a workstation from the domain and tried to
apply a less restricted password to a local account, and I couldn't --
the domain policy persisted tyrannically.




From: Laura A. Robinson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 06, 2006 9:27 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Strange password issue


Impossible/irrelevant. If it's a domain account, the policy
applies regardless, because the account is stored in AD. If it's a local
account, then the policy doesn't apply regardless; domain account
policies don't apply to local accounts. Is this a local account or a
domain account?
 
Laura




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, September 06, 2006 11:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Strange password issue


If you mean before the policy was set up, then, no.
This policy has been in effect for a couple of years and
the account was created a month ago..
 
Maybe the PC is not getting the Default Domain Policy?
 


 
On 9/6/06, Williams, Robert
[EMAIL PROTECTED] wrote: 

Tom,

 

This is just a stab in the dark but is it
possible that this user's password was set prior to the Default Domain
Policy being in effect? 

Robert Williams



From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, September 06, 2006 9:39 AM
To: activedirectory
Subject: [ActiveDir] Strange password issue

 

I'm having this weird  issue where I have a user
account who is able to log in with a blank password.

The Default Domain Policy is set to a min
password length of 6 characters.

The userAccountControl on the user is set to
512.

 

The Domain is at win2k3 DFL and FFL.

 

Is there any other way besides a migration tool
like Quest that could circumvent this policy and allow blank passwords?

 

Thanks

2006-09-06, 11:32:05
The information contained in this e-mail message
and any attachments may be privileged and confidential. If the reader of
this message is not the intended recipient or an agent responsible for
delivering it to the intended recipient, you are hereby notified that
any review, dissemination, distribution or copying of this communication
is strictly prohibited. If you have received this communication in
error, please notify the sender immediately by replying to this e-mail
and delete the message and any attachments from your computer. 
 


winmail.dat

[ActiveDir] Printers AD GUI

[albertduro]

After 6 years of working with AD I just realized that when you unshare a
printer it becomes invisible and unmanageable. I guess I always knew
this in the back of my head, but it never hit home until I tried
cleaning up the printer list.  Why are printers third-class citizens of
AD, without a container or a OU to their name?  The only way to remotely
manage unshared printers is through the browse list, which is a pain.
Am I missing something?  Are there other approaches to this? (no
megabucks solutions, please)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] Raid 1 tangent -- Vendor Domain

[albertduro]

- stop using mirrors damnit) .[1]


can you please explain that?  What's wrong with mirrors?

[1] joe, speaking particularly in the context of Exchange
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx