Hi Would someone be able to tell me if it is it possible to create a working Password policy in AD besides the Default domain Policy without using the Fine Grain password Policy in Windows Server 2012? I would rather have all of my Policies in one place. I know that the precedence has to be a lower number than the DDP but if this is possible how do I get it to work.? I have tried everything including
- Creating the GPO in the same location as the Default Domain Policy
- Making sure that the precedence is set to a lower number than the DDP. I have it set to 1. My DDP is 3
- GPO is Enforced
- Link is active
- Scope includes correct Group in which the members are included
- The Group is a security group
- Under delegation key the policy is applied to the desired group
But yet no change are showing in Gpresult/r or with 'Net Accounts /domain'. Still shows the DDP policy settings.
Whats interesting is when I applied the policy to include 'authenticated users' it worked for everyone and the new policy that I had implemented mirrored through GPresults/r. However I dont want everyone to have this policy just the select users I have chosen. What am I doing wrong??
Support analyst