Default domain policy is not working on some users.

Nikhil Satheesan 0 Reputation points
2023-11-28T08:15:34.9133333+00:00

The Store password using reversible encryption policy setting is disabled in my AD Policy.

But that policy is not applied to some of my users, even after I ran GPUPDATE.


2 answers

  1. Anonymous
    2023-11-28T08:53:18.3566667+00:00

    Hello Nikhil Satheesan,

    Thank you for posting in Q&A forum.

    The Store password using reversible encryption policy setting is disabled by default, even if you did not configure it.

    Please check if AD replication works fine if you have more than one DC in the domain.
    Run the commands below on the PDC to check.
    repadmin /showrepl >C:\rep1.txt

    repadmin /replsum >C:\rep2.txt

    repadmin /showrepl * /csv >c:\repsum.csv

    Please check if you have configured FGPP in your domain and applied an FGPP to some users.
    FGPP takes precedence over the default domain password policy.

    Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD.

    https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad/

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

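The FGPP check suggested in the answer above can be done with read-only queries from the ActiveDirectory PowerShell module (RSAT). This is an added example, not part of the original answer; the account name `jdoe` is a placeholder, and the last two steps go beyond the answer by also reading the per-account reversible-encryption flag in `userAccountControl`.

```powershell
# Added example: read-only checks, requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder: replace with a user the policy does not seem to apply to.
$SamAccountName = 'jdoe'

# 1. Setting delivered by the default domain password policy.
$domainPolicy = Get-ADDefaultDomainPasswordPolicy
"Default domain policy: ReversibleEncryptionEnabled = $($domainPolicy.ReversibleEncryptionEnabled)"

# 2. Every fine-grained password policy (PSO) defined in the domain.
$psos = Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence
if ($psos) {
    $psos | Select-Object Name, Precedence, ReversibleEncryptionEnabled,
        @{ Name = 'AppliesTo'; Expression = { $_.AppliesTo -join '; ' } } |
        Format-List
} else {
    'No fine-grained password policies are defined.'
}

# 3. The PSO that wins for this user. No output means no PSO applies and
#    the default domain password policy is in effect for the account.
$resultant = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
if ($resultant) {
    "Resultant PSO for ${SamAccountName}: $($resultant.Name), " +
    "ReversibleEncryptionEnabled = $($resultant.ReversibleEncryptionEnabled)"
} else {
    "No PSO applies to ${SamAccountName}; default domain policy is in effect."
}

# 4. Per-account option "Store password using reversible encryption".
#    It is stored on the user object, separately from the policy setting.
$user = Get-ADUser -Identity $SamAccountName -Properties AllowReversiblePasswordEncryption
"Account flag on ${SamAccountName}: AllowReversiblePasswordEncryption = $($user.AllowReversiblePasswordEncryption)"

# 5. All accounts carrying that flag (userAccountControl bit 0x80 = 128,
#    ENCRYPTED_TEXT_PWD_ALLOWED).
Get-ADUser -Filter 'userAccountControl -band 128' |
    Select-Object SamAccountName, DistinguishedName
```
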

  2. Nikhil Satheesan 0 Reputation points
    2023-11-28T09:05:26.1166667+00:00

    Thank you for your immediate response.

    Actually we don't configure FGPP in our Domain. Only the default policy is used. But in some OUs we block inheritance.

    Will this affect the default policy?

