[Samba] Domain Functionality Level and GPO password policies
nwilson123 at gmail.com
Wed Oct 1 06:33:47 MDT 2014
I've been trying to work out how to set a GPO that allows certain
Groups (Domain Users) a password expiry of 60 days and another group
(Domain admins) an expiry of 30 days, but when looking through the
Group Policy Manager I don't see how to achieve this.
After looking around online I stumbled across the domain Functionality
Level which if I understand means that I have to increase it from 2003
to 2008 in order to be able to allow this.
Is this true, do I have to upgrade the level, or am I just missing the
way to achieve the above?
I see that ... https://wiki.samba.org/index.php/Raising_the_functional_levels#Impact_of_upgrading_the_functional_levels
...talks about the ensuring that your forest level isn't higher than
your domain level so I'll set them both to 2008 functionality, and I
presume that if I increase this on my PDC I'll need to increase it on
my other Samba4 domain controller that is replicating settings as
Can I do this live while the servers are in use and should I expect any issues?
Thanks, any help is greatly appreciated.
More information about the samba