This article provides instructions on configuring Active Directory ACL in order for Authenticated Users to view their fine-grained policy settings.
SYNERGIX AD Client Extensions password change notification feature works with normal Domain Password Policy and with the fine-grained password policy settings. However, the fine-grained password policy settings are not displayed to authenticated users unless the ACLs are updated ; this is by design in the Microsoft Windows Operating System.
- Log into a domain computer with a user account that has domain admin privileges.
- From Windows Start button, select Programs \ Administrative Tools and launch "ADSI Editor" or run ADSIEDIT.MSC.
- If you are operating Windows 7.0 domain computer, you must have RSAT installed to start ADSIEDIT.MSC
- If you are operating Windows XP domain computer, you must have Administrator Tool ( adminpak.msi ) for Windows 2003 console installed.
- In ADSIEDIT, expand the domain root / default naming context
- Select CN=System and then, expand CN=Password Setting Container
- Right mouse click on CN=Password Setting Container and select Properties
- Click on Security Tab
- Click on Advanced
- Click on Add and enter Authenticated Users and grant READ permissions
- Set Applies To to "This object and all descendant objects" ( default is This Object Only )
- Click on OK to close down on all open windows
- Close ADSIEDIT.MSC