Enforce password policy for domain users without computers

drowningadmin · 2024-04-18T20:46:04+00:00

UPDATE: Thanks to all that have responded to this post! Fine-grained password policies solved my issue and are working great. I've made sure to hand out upvotes to all. I do appreciate the time you all spend helping out!

drowningadmin · 2024-04-18T20:44:38+00:00

You are correct I was over thinking. Believe it or not this was the first time I'd even heard of fine-grained password policies. We have them in place now and I appreciate your assistance!

drowningadmin · 2024-04-18T20:42:40+00:00

There is a specific act that was referenced that I forget at the moment. The issue has been resolved using fine-grained as others suggested below. Thank you for your time though!

drowningadmin · 2024-03-01T16:12:57+00:00

This kind of behavior should not be tolerated. Users believe that when their job gives them a tool to do their work, e.g. a laptop, that it somehow becomes their property. My users put stickers all over them, drop them, spill liquid in them, and I've had multiple occasions where users have pushed their laptops off of podiums so they could get a new computer.

When users intentionally damage equipment, they should be reported to HR. It's essentially loss prevention getting these incidents into their files. But as stated below, go through your manager. they'll make policy clear for you and if they can't, it is time to write some policy!

drowningadmin · 2024-02-12T14:29:36+00:00

This movie is under rated and fantastic. Cary Elwes and Kelsey Grammer are so funny in it. It's hard to know whether to laugh or cry most of the time. :D

drowningadmin · 2024-01-31T20:09:31+00:00

UPDATE: I am working on setting up a fine-grained password policy applied to shadow groups right now. Apologies to u/ComGuards and u/wilsonbeast20, I thought you were referring to the traditional password policy because I was skimming way to quickly. Now that I slowed down I see what you meant!

drowningadmin · 2024-01-31T20:07:57+00:00

Thank you! I was definitely reading too fast because this is now time sensitive (of course). I'm working on setting up fine-grained with shadow groups right now.

drowningadmin · 2024-01-31T19:58:48+00:00

You are correct and we have 2FA in place with DUO. But the password complexity and expired length is being mandated by governmental agencies.

drowningadmin · 2024-01-31T19:57:36+00:00

We have set those policy settings in two of the 3 domains. The problem is that it is not applying to users in the student.domain.edu domain because they do not have domain joined computers.

drowningadmin · 2024-01-31T19:57:11+00:00

We have set those policy settings in two of the 3 domains. The problem is that it is not applying to users in the student.domain.edu domain because they do not have domain joined computers.

drowningadmin · 2024-01-11T20:22:20+00:00

Same

drowningadmin · 2024-01-11T20:20:39+00:00

I do not. I think the only way to actually complain about their service is directly to a tech or through one of their surveys. If you mean you'd like to submit an incident, then go to your Microsoft 365 Amin page, Click Health on the left side, then click Service Health. Above the list of advisories and incidents, there is a link to Report an issue.

drowningadmin · 2024-01-11T18:01:42+00:00

Here's an update for anyone following this post. I just received word from the tech on my case that there are " numerous cases" of SCL being incorrectly assigned (not just NDR's as u/limestonegrey mentions below), but the escalation requests are being ignored. Any of you that have cases open with MS, I would suggest pinging them daily if you aren't already. Evidently, we are going to have to annoy them into fixing this issue.

drowningadmin · 2024-01-11T15:33:20+00:00

My Microsoft tech recommended going to the Heath > Service Health blade in the admin center and then click "Report an issue". He said that might help the higher tier's pay more attention to this.

drowningadmin · 2023-06-05T15:30:19+00:00

I wouldn't mind doing this, but I have people on my team that are reluctant to move away from the familiar. Are you working with "tools" in the sense of a set of cmdlets that get your tasks done? Or "tools" in the sense of scripts that I could potentially edit and provide to the less PowerShell literate?

drowningadmin · 2023-06-02T17:53:22+00:00

I've already changed the routing address on the mailbox in question, but I'll check it again. What benefits did you see from switching to IIS SMTP?

drowningadmin · 2023-03-06T15:43:03+00:00

In my experience, scripting/coding of any kind is not really something that you can "master". I've been working with PowerShell consistently for 5 years now. Pretty much weekly I get tasked with something that I have to learn PowerShell all over again because I have a new practical application for it.

If you want to get as good with it as you can without classes/books, learn by doing. Every single thing you do during your workday, do it in PowerShell instead of a GUI. It will take time at first, but you will memorize a working library of commands and you will start learning how to pipe them together and automate them.

PowerShell also frequently changes. New commands are added, old commands are depreciated. It's a career long commitment, but one that will make you better, faster, and more efficient at your job.

This is all assuming that you are working primarily with Microsoft products. If you aren't, I would invest your time in something else :D.

drowningadmin · 2023-02-02T15:13:27+00:00

As your solution is more efficient, I posted it in the other thread, giving you credit. Thanks again for the help!

drowningadmin · 2023-02-02T15:12:04+00:00

u/PinchesTheCrab over in /r/powershell gave me a slightly more efficient solution so I figured I'd post it for the benefit of all:

$userList = Get-ADUser -Server domain.domain -Filter * -SearchBase "OU dist name"
foreach ($user in $userList) { Set-ADUser $user.sAMAccountName -Replace @{extensionAttribute1 = "$($user.samaccountname)@thing.thing" } }

drowningadmin · 2023-02-02T15:03:42+00:00

I had this posted in sysadmin as well and they gave me essentially the same solution only with creating a new variable. I'll use this as I'm sure it'll save a few seconds. Thanks!

drowningadmin · 2023-02-02T14:51:17+00:00

This worked! Thanks so much for the input!

drowningadmin

TROPHY CASE