2

I simply need to know what my network's password complexity requirements are at this time. I believe we had competing group policies in place (trying to clean up that mess) and I want to see which policy's setting is being used.

This topic on superuser asks the same question but wants to know how an end user could find out; I am a domain admin and have full access. I can't use third party tools on our network; default 2008 R2 software only.

I'm still learning how to do some of this! Looking for a simple solution that doesn't involve third party tools and will tell me what the active password policy is on my domain controller/s.

Community
  • 1
Shrout1
  • 343
  • 2
  • 6
  • 18

1 Answers1

4

GPresult.exe, or Group Policy Results using the Group Policy Management MMC.

FYI - You cannot have conflicting password policies so I'm not sure what you've investigated to make you think you do. Every domain can have only one password policy applied. If you apply more than one at the domain controller level, the normal rules of precedence apply; there is no conflict as such.

Also, if you apply other password policies to, for example, other machines, those will impact only local accounts on those machines, not domain accounts.

You could also have fine-grained password policies, so be sure to check for that.

mfinni
  • 35,711
  • 3
  • 50
  • 86
  • 1
    Appears that the minimum password age on my domain is set to 15 days! This is preventing a user from changing their password, no matter how complex they make it. The "conflict" between the GPOs has been resolved; thanks a bunch for your response! – Shrout1 Sep 24 '14 at 17:56
  • @Zoredache - yes, exactly correct on all counts, I actually said that in my 3rd paragraph :-) – mfinni Sep 24 '14 at 18:36