I am using Windows Server 2003 Enterprise Edition. I created one domain, xyz.com, and then configured Group Policy for a domain and domain controller that requires a complex password of at least seven characters. After that, I created one OU (organizational unit) in my xyz.com domain called ACC. For the ACC OU, I don't need a complex password, so in Group Policy, I disabled complex password and set the minimum character length to zero and set block policy inheritance. When I created a user in the ACC OU, it still required a complex password. I don't understand what's going wrong.
Requires Free Membership to View
When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.
Margie Semilof, Editorial Director
This Group Policy complex password problem is due to the fact that in Group Policy, in Windows networks, password security policies are only assigned at the domain level. You can expand the policy at the OU and go through all of the motions, but Active Directory will not actually apply the changes. In fact, having differing password policies is one of the few reasons for creating additional domains.
This was first published in September 2007