answer :

With Windows 2000 and 2003 you can only have ONE password policy PER DOMAIN. Any password policy applied to an OU will not pe applied. If you must do this use a third party tool – or Server 2008.

————————————————————————————————–

I have a Windows 2003 DC. I configured different OUs with the name of different departments. For “MANAGERS” OU I don’t want to apply Password Complexity Requirement and Minimum Password Length should be at least 4 characters. All other OUs should be under the “Default Domain Policy” setting with password complexity enabled. Accordingly I did the following:

1. I created a New Group Policy named “Manager PW Policy”
2. Edited the “Manager PW Policy” and disabled “Password must meed complexity requirements” and
3. Changed the “Minimum password length” to 4.
4. Opened GPMC and blocked inheritance on “MANAGERS” OU so that it cannot inherit the “Default Domain Policy”.
5. Linked the “Managers PW Policy” with “MANAGERS” OU.
6. Executed “gpupdate /force” command.

Now I tried to create a User in “MANAGERS” OU without complex password, but failed to create as it is not taking the new policy and showing the following error:

“Windows cannot set the password for User1 because: Password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.”

Need your help.