If you have two domains on your network that are located at the same physical site and you want to implement an account policy that requires passwords of at least eight characters and should meet complexity requirements -- do you apply the account policy setting at the site? What account policies should you use?
You would need to apply the account policy separately on each domain. Even though the group policy MMC snap-ins will display the "Password Policy" branch for OU's and sites, you can only define the password policy at the domain level. This is because there can only be a single password policy in a given Active Directory, which effectively means that you can only define it at the domain level. Also, just as a note regarding best practices, rather than modifying the default domain policy, you should go ahead and create an additional group policy object with the password policy settings that you want to apply.
View questions and answers from all of our Windows security experts here.