Forum Discussion

K-Ang's avatar
K-Ang
Copper Contributor
Feb 10, 2020

Domain policy difference in Primary/Secondary Domain Controller

Hi guys,   I faced this issue whereby i am designing the same domain policy for both primary and secondary domain controller. But what i see is that only primary domain controller is applying the p...
Active Directory
K-Ang's avatar
K-Ang
Copper Contributor
Feb 11, 2020

Dear Mark Lewis ,

 

Yes i have setup DC1 to have DC2 ip address as primary, same goes to DC2 as well. I could have just disable ipv6 but may i know why it cannot be ::1?

 

I have default domain policy for password settings but in that case i can't have kerberos policy setup because default domain policy is assigned to domain computer. May i know if i setup 2 policies with password policies inside and assigned separately will it work?

Mark Lewis's avatar
Mark Lewis
Brass Contributor
Feb 11, 2020

K-AngI've had all sorts of odd issues when the DNS client address has been ::1.

 

I don't believe you can. What you need to be looking at are Fine Grained Password Policies for running multiple policies.

  • K-Ang's avatar
    K-Ang
    Copper Contributor
    Feb 12, 2020

    Dear Mark Lewis,

     

    Sorry for providing wrong information. There is only one domain policy that contains password policy, account policy, kerberos policy and security options. They are in default domain policy. However we have additional policies that defines rules other than the mentioned policies above. 

    • Mark Lewis's avatar
      Mark Lewis
      Brass Contributor
      Feb 12, 2020

      K-AngSo, is the issue with other policies that set options other than password and kerberos not replicating? Things like Only use NTLMv2? Who can log on, drive mapping via preferences?

      • K-Ang's avatar
        K-Ang
        Copper Contributor
        Feb 12, 2020
        Those are replicated fine. Only password policy and account lockout policy is not applying.

Resources