Configuring different password policies on Windows Server 2008 domains

Recently I found out that there was no way to implement different password policies on domains running on Windows Server 2003. It didnt sound right to me, why I cannot keep different password complexity, for example, in different OUs for different users?

You can actually link to separate OUs with different policies with different values on passwords options, but theyll be ignored by Default Domain Policy.

It seems that there’s a way to accomplish this (not an easy way, but anyhow) running domains with Windows Server 2008 and of course in the highest domain functional level.

The tools involved: GPMC (included with Windows Server 2008) and ADSI Edit.

Here’s the solution:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s