Default Domain Policy and Password Policy problem

[guest]

I have inherited a Server 2003 R2 domain which has not been maintained very well. There is a lot of issues with passwords, authentication etc.

One problem I am having an issue with is users are being asked to change passwords every 14 days despite the default domain policy - Account Policies - Password Policy - Min and Max password age being not defined and password complexity being disabled.

This is reflected in all policies linked to OU's as well.

I can't seem to see why this is happening. We are also getting trust relationship issues where users cannot log on and the laptop needs to be taken off the domain and added again for the user to log on.

Any help with this would be appreciated.

One other thing.....

I also have a logon script running that maps a network drive via a .vbs script, a simple one. The XP machines get the mapped drive but not one of the Vista machines have the drive mapped. Any ideas on this?

cheers in advance

[guest]

The Vista mapped Drive issue may be caused by UAC, please refer to the following thread:

Can't Map Drives via GPO Logon JScript
http://social.technet.microsoft.com/for ... 3a5caf13fc

As a workaround, you can use the following script to set Password Never Expires attributes for users.

How Can I Configure an Active Directory Account So the Password Never Expires?
http://www.microsoft.com/technet/script ... y1031.mspx .

However, it’s not suggested to enable Password never Expires attribute for all users.

Please help to collect gpresult of the Domain Controller for research. Or open gpedit.msc to check Local Policy on DC. If the DC Local Policy was configured, please refer to the following article to set maximum password age policy.

How maximum password age is implemented
http://support.microsoft.com/kb/236373

[guest]

All user password operations are performed on DC even if the user is not logged on DC. This requires the user password must meet the Domain Controller Policy.