Default passwords for multiple OUs



Hi guys and gals,

We just acquired a company and would like to set up a different password policy for the new crew. I created a new OU for them and would like to set a different password policy.

The default password policy (DPP) for our domain is fairly open as we are a small company. We would like stronger passwords for the new OU. When I create a new GPO with the stronger settings, since the settings for passwords are in the computer configurations rather than the user, it seems like the GPO only sets the password properties for the machines LOCALLY, rather than domain accounts. Tried using block inheritance, hoping it would change the domain accounts, but no such luck. When I change a password, any password is fine. If I try to change a LOCAL password on the machine, then I get prompted for complexity.

For the domain, is the only option I have to change the DPP for processing domain passwords?

Thanks in advance as always!

Vitaly



I'll save you some trouble - from this article that references what you are trying to do specifically:

"There can be only a single password policy for each account database. An Active Directory domain is considered a single account database, as is the local account database on stand-alone computers. Computers that are members of a domain also have a local account database, but most organizations that have deployed Active Directory domains require their users to log on to their computers and the network by using domain-based accounts. Consequently, if you specify a minimum password length of 14 characters for a domain, all users in the domain must use passwords of 14 or more characters when they create new passwords. To establish different requirements for a specific set of users, you must create a new domain for their accounts."

So, long story short, you can't have password policies affecting different sets of users in one domain - you'll either have to lock it down for your domain at the top, or create another child domain for the additional users.

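The behaviour discussed in this thread can be checked from a member computer in the OU by comparing the policy applied to domain accounts with the one applied to the computer's local accounts. This is an added example, not part of either post; it assumes the ActiveDirectory RSAT module and an elevated prompt, and the function names `Get-LocalPasswordPolicy` and `Get-DomainPasswordPolicy` are hypothetical helpers defined here.

```powershell
# Added example: run elevated on a domain-joined member computer (not a DC).
Import-Module ActiveDirectory

function Get-LocalPasswordPolicy {
    # secedit exports the computer's current security settings as an INF file;
    # the [System Access] section holds the local account password settings.
    $inf = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
        $values = @{}
        foreach ($line in Get-Content -Path $inf) {
            # Keep simple "Name = <integer>" entries only.
            if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
                $values[$Matches[1]] = [int]$Matches[2]
            }
        }
    } finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        MinLength  = $values['MinimumPasswordLength']
        Complexity = [bool]$values['PasswordComplexity']
        History    = $values['PasswordHistorySize']
    }
}

function Get-DomainPasswordPolicy {
    # The single password policy that applies to accounts in the domain.
    $p = Get-ADDefaultDomainPasswordPolicy
    [pscustomobject]@{
        MinLength  = $p.MinPasswordLength
        Complexity = $p.ComplexityEnabled
        History    = $p.PasswordHistoryCount
    }
}

$local  = Get-LocalPasswordPolicy
$domain = Get-DomainPasswordPolicy
foreach ($name in 'MinLength', 'Complexity', 'History') {
    [pscustomobject]@{
        Setting       = $name
        DomainAccount = $domain.$name
        LocalAccount  = $local.$name
        Differs       = $domain.$name -ne $local.$name
    }
}
```

Rows where `Differs` is true are settings that an OU-linked GPO changed for the computer's local accounts only, which matches what the original poster observed.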
