Return
-
Title
How to update a fine grained password policy in Quest Authentication Services -
Description
Updates to a Windows 2008 Fine grained password policy are not being applied to a Quest Authentication Services (QAS) user.
This is also known as a Password settings object (PSO) -
Cause
The Fine grained password policy is read by the account used to join the server to the domain.
By default the policy cannot be read by the computer object. (host/)
Quest Authentication Services will have outdated settings if the policy is updated after the inital join. -
Resolution
Run the following command to keep the policy updated after the join:
# /opt/quest/bin/vastool -u <admin account> flush pwdpoliciesTo display the current settings for a particular user use the following command:
# /opt/quest/bin/vastool -u <admin account> info adsecurity -u <username>