Effects of Updating the Active Directory Password Policy

Discussion in 'MCSE' started by nasteric, Nov 29, 2004.

  1. nasteric

    nasteric Guest

    When one increases the password length of the password policy in
    Active Directory at the domain, how does Active Directory treat
    accounts with passwords still using the former minimum length?

    For example,

    If I increased the minimum password length from 7 to 10 characters,
    how would this change affect accounts that are currently using
    passwords of 7 characters in length?

    Would it force them to change their password the next time they login
    or would it wait until the next time they changed their password to
    enforce the new policy?

    How would it affect local accounts on member servers and workstations?
    Would it force them to change their password immediately or wait
    until the next time they change their password to enforce the new
    policy?

    Is the domain policy even applicable to local accounts on member
    servers and workstations?


    Thanks in advance.
    -N
    nasteric, Nov 29, 2004
    #1
    1. Advertising

  2. The changes would not take effect until the next time the user changes their
    password [if ever ] or a new account is created. Normally local accounts
    would have the same policy applied to them unless you have created an OU
    with different password policy in which case the computers in that OU could
    have different password policy to local account ONLY. --- Steve


    "nasteric" <> wrote in message
    news:...
    > When one increases the password length of the password policy in
    > Active Directory at the domain, how does Active Directory treat
    > accounts with passwords still using the former minimum length?
    >
    > For example,
    >
    > If I increased the minimum password length from 7 to 10 characters,
    > how would this change affect accounts that are currently using
    > passwords of 7 characters in length?
    >
    > Would it force them to change their password the next time they login
    > or would it wait until the next time they changed their password to
    > enforce the new policy?
    >
    > How would it affect local accounts on member servers and workstations?
    > Would it force them to change their password immediately or wait
    > until the next time they change their password to enforce the new
    > policy?
    >
    > Is the domain policy even applicable to local accounts on member
    > servers and workstations?
    >
    >
    > Thanks in advance.
    > -N
    Steven L Umbach, Nov 29, 2004
    #2
    1. Advertising

  3. nasteric

    Neil Guest

    did you hear (nasteric) say in
    news::

    > When one increases the password length of the password policy in
    > Active Directory at the domain, how does Active Directory treat
    > accounts with passwords still using the former minimum length?


    ummmm, try it. since you are preping for the exam (assumed since you
    posted here) you should give the bizzaro things like this a try. "what
    about group policy application when I change the settings for logon
    scripts, software deployment, folder redirection or admin template
    settings?" "If I change the IP address what happens in DNS?" TRY IT.
    nothing like experience to help you understand. grab that test lab and
    give it a try...

    oh and read this http://tinyurl.com/7xd7p

    --
    Neil MCNGP #30
    "Human beings, who are almost unique in having the ability to
    learn from the experience of others, are also remarkable for
    their apparent disinclination to do so."
    -- a qoute by Doug Adams (Author of the Hitchhiker's Guide to the Galaxy)
    Neil, Nov 29, 2004
    #3
  4. nasteric

    Neil Guest

    did you hear "Steven L Umbach" <> say in
    news:rEwqd.579972$mD.265021@attbi_s02:

    > The changes would not take effect until the next time the user changes
    > their password [if ever ] or a new account is created. Normally local
    > accounts would have the same policy applied to them unless you have
    > created an OU with different password policy in which case the
    > computers in that OU could have different password policy to local
    > account ONLY. --- Steve


    give away the farm. ps, the user will be forced to change the password
    once the max password age has expired...

    --
    Neil MCNGP #30
    "Human beings, who are almost unique in having the ability to
    learn from the experience of others, are also remarkable for
    their apparent disinclination to do so."
    -- a qoute by Doug Adams (Author of the Hitchhiker's Guide to the Galaxy)
    Neil, Nov 29, 2004
    #4
  5. "Neil" <guess!!!@gmail.com> wrote in message
    news:Xns95AFE5BE5C2Bneilmcsegmailcom@207.46.248.16...
    > did you hear (nasteric) say in
    > news::
    >
    > > When one increases the password length of the password policy in
    > > Active Directory at the domain, how does Active Directory treat
    > > accounts with passwords still using the former minimum length?



    Start/RUN secedit /refreshpolicy machine_policy
    Mark Cunningham, Dec 20, 2004
    #5
  6. nasteric

    Herb Martin Guest

    "Mark Cunningham" <> wrote in message
    news:Z4Ixd.1012$...
    >
    > "Neil" <guess!!!@gmail.com> wrote in message
    > news:Xns95AFE5BE5C2Bneilmcsegmailcom@207.46.248.16...
    > > did you hear (nasteric) say in
    > > news::
    > >
    > > > When one increases the password length of the password policy in
    > > > Active Directory at the domain, how does Active Directory treat
    > > > accounts with passwords still using the former minimum length?

    >


    It doesn't invoke the rule until the password is next changed.

    Password policies are invoked during password change/set
    operations only.

    > Start/RUN secedit /refreshpolicy machine_policy


    Generally irrelevant. It will likely autoupdate wherever
    it is important long before the user updates the password.
    Herb Martin, Dec 21, 2004
    #6
  7. nasteric

    Rishi

    Joined:
    Aug 28, 2006
    Messages:
    2
    Hello

    I facing a problem with ACTIVE DIRECTORY PASSWORD POLICY

    I have implemented password policy for the users which states:

    Policy Setting
    Enforce password history 5 passwords remembered
    Maximum password age 1 days
    Minimum password age 0 days
    Minimum password length 6 characters
    Password must meet complexity requirements Enabled
    Store passwords using reversible encryption Enabled

    For Test reasons i chose for 1 days.
    I did a GPUPDATE /FORCE and rebooted.

    Following this i checked to see if its really been implemented using the command :
    gpresult

    It shows that its there is an password been there.

    But after 1 day on my next log-on it never asked for a new password???? Meaning the passord Policy didnot exsist.

    I search on the log file UserEnv.log on the user (Client machine) and it produces me this.
    SERENV(2b4.2b8) 11:53:16:137 DumpOpenRegistryHandle: 2 user registry Handles leaked from \Registry\User\S-1-5-21-1876315153-1648240656-316617838-3652
    USERENV(2b4.2b8) 11:53:16:137 UnloadUserProfileP: Didn't unload user profile <err = 5>
    USERENV(2b4.2b8) 11:53:16:590 UnloadUserProfile: UnloadUserProfileP failed with 0
    USERENV(2b0.2b4) 11:51:53:796 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2b0.2b4) 11:51:53:812 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2b0.2b4) 11:51:53:812 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2b0.bf4) 11:54:41:759 PolicyChangedThread: UpdateUser failed with 0.
    USERENV(2b0.ddc) 11:55:41:553 PolicyChangedThread: UpdateUser failed with 1008.
    USERENV(2b0.e90) 11:56:41:300 PolicyChangedThread: UpdateUser failed with 1008.
    USERENV(2b0.f90) 11:57:41:249 PolicyChangedThread: UpdateUser failed with 1008.


    Could some one please help
    Rishi, Aug 28, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. MikeH
    Replies:
    4
    Views:
    1,770
    Karl \Johnno\ Gustaf
    Oct 29, 2003
  2. Rishi

    Ctive Directory Password Policy

    Rishi, Aug 28, 2006, in forum: Software
    Replies:
    1
    Views:
    2,637
    noushad
    Nov 23, 2006
  3. Battousai

    Active Directory Password Policy

    Battousai, Aug 1, 2007, in forum: General Computer Support
    Replies:
    2
    Views:
    1,219
    honeykutty
    Oct 1, 2007
  4. keithalmli

    Active Directory Problem / Sync and Group Policy.

    keithalmli, Aug 11, 2007, in forum: General Computer Support
    Replies:
    0
    Views:
    1,475
    keithalmli
    Aug 11, 2007
  5. morph
    Replies:
    0
    Views:
    457
    morph
    May 20, 2008
Loading...

Share This Page