Skip navigation

JSI Tip 2214. Active Directory Account Policies.

There is only one account policy in Active Directory, and it applies to the root domain of the domain tree. This default domain policy is the default for all Windows 2000 domain members.

There is an exception that will allow different password, lockout, etc.. policies.

You can configure account policies for organizational units, which would apply to all computers within the OU.

This would allow the default domain policy to be applied when the user logs on to the domain, but the OU policy to apply when the user logs on locally.

NOTE: Domain controllers have no local accounts, so OU policies do not apply.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.