Hi I'm having 2 problems with my windows server 2008 r2. The first problem is my password policy, with I have set to 30 days, but after 30 days no computer on the domain asks to reset the password. The 'password never expires' option in the usernames are also not selected. The second problem is with my dns server. When I have the dns from my provider, I can go to every website, with my own dns some websites are not available (including google), on these websites I get 'page cannot be displayed'. I'm really new at this, so please try to explain every step fully. Thanks in advance

With regard to the password policy, are you sure that you deployed it correctly? Did you link it to the domain object? Take a look at this summary on how to implement a password policy: http://itgeared.com/how-to-implement-active-directory Creating a GPO for password policy settings and applying them to an OU with users is not going to work. http://itgeared.com/how-to-troubleshoot-active-directory Regarding DNS, there could be a few issues. Have you checked to make sure that the DNS server service is running on that server? Is it configured to use the root hints or do you have it configured to forward? What do you know about the configuration of the DNS server?Guides and tutorials, visit ITGeared.com.

Hello, The first problem is my password policy, with I have set to 30 days, but after 30 days no computer on the domain asks to reset the password. The 'password never expires' option in the usernames are also not selected. make sure that the password policy is linked at the domain level. Use rsop.msc to check appliance of the wanted parameters. If you are using AD DS Fine Grained password policies then the default domain password policy will be bypassed. The second problem is with my dns server. When I have the dns from my provider, I can go to every website, with my own dns some websites are not available (including google), on these websites I get 'page cannot be displayed'. For the DNS server, check that DNS Server service is running and that your ISP DNS server is set as a forwarder and not in IP settings of the server. For client computers, make them point to this server as primary DNS server. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hey JM Thanks for the quick reply. For the password, I'm pretty shure that I linked it to the domain object, but I will check it again when I'm home tomorrow. Will also check the DNS, I know the service is running, but I don't know the configuration by heart. I will let you know as soon as possible. Regards Christophe

The password policy applies to user accounts, and not to computers. If you are adjusting machine account password age, please adjust the applicable security option in group policy for the domain (http://technet.microsoft.com/en-us/library/cc781050(WS.10).aspx). By default, the maximum machine account password age is 30 days, so it seems to already meet your requirements. The behavior for the password policy is that a user should be prompted based on the settings defined in group policy "x" number of days before the password expires to change it (default is 14 days). If defining 30 days, then once a USER gets to the point their password is 30 days old, they will be prompted to and forced to change their password to logon. In regards to your DNS issue, it sounds like you are missing a forwarder to your ISPs DNS server. Add this to your forwarders list for the DNS server and that should resolve your DNS resolution issues. See http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx for more on how to set this up. Brandon Wilson - Premier Field Engineer (Platforms)

Actually Brandon...the password policy settings target computers not users. Take a look at any GPO and you will find that the password policy settings are located in the computer configuration container, not the user configuration container. This may seem odd at first, but it does make sense once you understand the process of applying password policies. Feel free to take a look at my links posted above. Take care... Guides and tutorials, visit ITGeared.com.

Yes they are computer configuration settings, but they apply to user accounts and not computer accounts. They do not affect machine account password ages was the point I was trying to make (since the statement "but after 30 days no computer on the domain asks to reset the password" was made). I felt it pertinent to explain the distinction a bit more. I should have been clearer in my response. Sorry for any confusion. Brandon Wilson - Premier Field Engineer (Platforms)

Hi everyone Thanks for the many reply's. I've looked at this and it seems that I indeed linked the password policy on the ou instead of the domain. Now I relinked it and hope that the problem will be solved with that, otherwise, I will be back here at the 1st of december ;) As for the DNS, I tried what you said and put my ISP settings in the forwarders. I will test this now for a few days and report back to you if I have any problems or not. Again, thanks all.

Hi everyone It's been 1 week after my last post and I'm happy to say that the DNS is working fine, I didn't have any problems with it and can access all the sites. As for the password policy, I will let you know on the first of december. Thanks again

Hi again So, like I said before. The problem with the dns server is solved, haven't had any problems with a site since then. As for the password problem. This is not solved. I've now, like you asked, linked the policy on the domain instead of the OU, but still nothing. It didn't ask to change my password yesterday (and today, to make sure). I've now reset it myself, but that's not the point of having a password policy of course. So, can you guys help me out please. I'll be very thankfull. Again, try to explain the most of it in pure english or provice step-by-step instructions, cause I'm very new at this (I know my way around and know a few terms, but not as good as you guys). Regards Christophe