The Windows 2008 feature – Password Settings Object (PSO) allows password settings to be applied to Users or Groups as opposed to OUs.
Note the domain functional level must be windows 2008
Step 1 Create Password Settings Object
- A PSO is created via adsiedit.msc. Go to start run adsiedit.msc
- Connect to the default naming context
- Browse to the below folder and create a new password object
Fill out the values as required. See http://technet.microsoft.com/en-us/library/cc754544%28WS.10%29.aspx for an explanation of each field.
Step 2 Assign to Users
The password settings container and password settings object should be visible in Active Directory Users and Computers
- In Active Directory Users and Computers browse to the password settings container and edit the PSO.
- Edit the above field and include the users\groups you would like this policy applied to.
- If you cannot see the above option right click the PSO and select properties then filter. Make sure the “Show only attributes that have values” is not selected.
- Add the distinguished name of the user or group you wish this policy to apply to. E.g. CN=Admins,CN=Users,DC=MyCompany,DC=Local