AD Domain Controllers & Password Filters
From: Jason Garms [MS] (jasong@microsoft.com)
Date: 11/08/02
- Next message: Richard Haser: "Mandatory file association"
- Previous message: Jason Garms [MS]: "AD Domain Controllers & Password Filters"
- In reply to: Kent Welch: "AD Domain Controllers & Password Filters"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jason Garms [MS]" <jasong@microsoft.com> Date: Fri, 8 Nov 2002 12:44:36 -0800
Hi Kent,
In an AD environment, you must install the same password
filter on all domain controllers, otherwise you'll end up
with weird results, since there is no communication
between DCs on this. What happens is when the client sends
a password change to its DC, that DC will allow/deny the
password change based on the filter installed on that DC.
If the password change is approved on that DC, the DC then
pushes out the modified object through normal AD
replication. Incoming replication from another DC does not
trigger password filters. The only thing that triggers the
filter is a password change, or password set done directly
against that DC.
Best,
-jasong
>-----Original Message-----
>Hi!
>
>I need to know if a password filter triggered on one AD
domain controller by
>a password change/set will trigger the password filter
installed on another
>AD domain controller in the same domain but in a
different site?
>Specifically, I am interested in determining if a
password change can
>trigger the password filters on more than one domain
controller in AD.
>
>Thanks,
>
>-Kent
>.
>
- Next message: Richard Haser: "Mandatory file association"
- Previous message: Jason Garms [MS]: "AD Domain Controllers & Password Filters"
- In reply to: Kent Welch: "AD Domain Controllers & Password Filters"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
