Enforce password history policy on OU?

[DA73]

Hi,

Is it possible to Enforce password history policy on OU for users, I want to do this for one of my OU and set this to zero so users can change password to a password they already has had before.

Is it possible, and how?

[nmX.Memnoch]

Short answer: No, this can't be done.

Long answer: The password policy is a machine policy, not a user policy. Since the user accounts are domain accounts, and therefore stored in Active Directory (i.e. each domain controller), the domain controllers have that policy applied to them. You can only have one password policy for the domain. And if I'm not mistaken, that policy is generally set in the Default Domain Policy.

[cluberti]

Password policies (all of them) are per-domain only. If you need separate policies for multiple groups, you need multiple domains.