6

I have a specific Organizational Unit in my Active Directory domain that needs to have weak password settings. I set up my GPO and created a new policy for the OU OU=Limited Users,OU=Production,OU=VetWeb,DC=vw,DC=local called "GPO for Limited Production Users". According to Group Policy Modeling I did set up everything correctly.

However, when I try to create a new user or change the password on an existing user with a password that would not meet complexity requirements, I get an error message. For example, resetting the password for the user CN=Test,OU=Limited Users,OU=Production,OU=VetWeb,DC=vw,DC=local to the password of 12345 gives me the error that the new password does not meet the password complexity requirements.

Doing a gpupdate /force does not resolve the issue. What must I do to allow users in OU=Limited Users,OU=Production,OU=VetWeb,DC=vw,DC=local not to require complex passwords?

1 Answer

8

You can't set a password policy for an OU this way. The password policy for the entire domain is defined in the Default Domain Policy. It cannot be overridden at a per-OU level through Group Policy. What you want is a Fine Grained Password Policy, which is a bit more complicated to configure, but is the only way to accomplish what you want.

3
  • And just to add some detail to this answer, Fine Grained Password policies can't be applied to an OU. They're only applied to users directly or via groups that users are a member of. Commented May 30, 2012 at 7:38
  • What can help with that is to use the concept of a shadow group, which mirrors the members of an OU.
    – Sam Erde
    Commented May 30, 2012 at 14:29
  • Shadow groups only mirror the members of an OU for as long as the domain admins are diligent about keeping them up to date. Sadly, there's no built-in way to automate this. Commented Jun 4, 2012 at 21:16
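
The approach from the answer and comments above (a Fine Grained Password Policy applied to a shadow group that mirrors the OU), as an added example that is not part of the original posts. The group name, PSO name and all policy values are assumptions; the OU and test user come from the question. It needs the ActiveDirectory module and a Windows Server 2008 or later domain functional level.

```powershell
Import-Module ActiveDirectory

$ou        = 'OU=Limited Users,OU=Production,OU=VetWeb,DC=vw,DC=local'  # OU from the question
$groupName = 'SG-LimitedProductionUsers'    # hypothetical shadow group name
$psoName   = 'PSO-LimitedProductionUsers'   # hypothetical policy (PSO) name

# 1. Shadow group: a PSO applies to users or global security groups, never to an OU.
$group = Get-ADGroup -Filter "Name -eq '$groupName'"
if (-not $group) {
    $group = New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
                         -Path $ou -PassThru
}

# 2. The policy itself. Values are assumptions; account lockout is kept as a
#    compensating control because complexity is switched off.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -ComplexityEnabled $false -MinPasswordLength 5 -PasswordHistoryCount 0 `
        -MinPasswordAge '0.00:00:00' -MaxPasswordAge '90.00:00:00' `
        -ReversibleEncryptionEnabled $false `
        -LockoutThreshold 5 -LockoutDuration '0.00:30:00' `
        -LockoutObservationWindow '0.00:30:00'
}
$subjects = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName
if ($subjects.DistinguishedName -notcontains $group.DistinguishedName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
}

# 3. Sync the shadow group with the OU. Removing stale members matters: a user
#    moved out of the OU would otherwise keep the weaker policy.
$want = @(Get-ADUser -SearchBase $ou -SearchScope Subtree -Filter * |
          Select-Object -ExpandProperty DistinguishedName)
$have = @(Get-ADGroupMember -Identity $group |
          Select-Object -ExpandProperty distinguishedName)
$toAdd    = @($want | Where-Object { $have -notcontains $_ })
$toRemove = @($have | Where-Object { $want -notcontains $_ })
if ($toAdd)    { Add-ADGroupMember    -Identity $group -Members $toAdd }
if ($toRemove) { Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false }

# 4. Confirm which policy actually wins for the test user from the question.
#    No output means no PSO applies and the domain policy is in effect.
Get-ADUserResultantPasswordPolicy -Identity 'CN=Test,OU=Limited Users,OU=Production,OU=VetWeb,DC=vw,DC=local' |
    Select-Object Name, Precedence, ComplexityEnabled, MinPasswordLength
```

Step 3 is the part to run on a schedule, since group membership does not follow OU moves on its own.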
