Dynamic Group Password Policy Not Applying As Intended
I am currently running version 9.0.0, Build Number 9003.
I setup a dynamic group for local administrator accounts based on what discovery has found through the AD import (These are Windows Servers). I associated a custom password policy called Local Admins (It simply has a Min/Max value for the password of 24) to that Dynamic group. I have the default password policy set to another custom policy called <Company Name> (The Min is set to 8 there and the Mac set to 50 since we have password all over the board for different services and applications) and that is what is showing as applied to the individual objects that were imported.
The issue is that when I perform a one-time password reset it is using the <Company Name> policy against the dynamic group populated of Administrator Name and Windows Resource Type it is making the passwords anywhere from 8-50 characters, I want it to use the Local Admin policy instead, the one that is associated to the dynamic group, to reset the password to 24 characters long across the board.
I’m not sure if this is a bug or I am misunderstanding what the password policy associated to the dynamic group is meant to do. The workaround is simple enough to change the password policy associated to all the Windows Resource Types to the Local Admin policy but for any newly imported/added Servers I will simply need to remember to change it since that is not the default password policy.
I setup a dynamic group for local administrator accounts based on what discovery has found through the AD import (These are Windows Servers). I associated a custom password policy called Local Admins (It simply has a Min/Max value for the password of 24) to that Dynamic group. I have the default password policy set to another custom policy called <Company Name> (The Min is set to 8 there and the Mac set to 50 since we have password all over the board for different services and applications) and that is what is showing as applied to the individual objects that were imported.
The issue is that when I perform a one-time password reset it is using the <Company Name> policy against the dynamic group populated of Administrator Name and Windows Resource Type it is making the passwords anywhere from 8-50 characters, I want it to use the Local Admin policy instead, the one that is associated to the dynamic group, to reset the password to 24 characters long across the board.
I’m not sure if this is a bug or I am misunderstanding what the password policy associated to the dynamic group is meant to do. The workaround is simple enough to change the password policy associated to all the Windows Resource Types to the Local Admin policy but for any newly imported/added Servers I will simply need to remember to change it since that is not the default password policy.