Okta Classic Engine | Authentication | Answered | 2023-07-13T16:02:26.000Z | 2023-07-12T15:07:59.000Z | 2023-07-13T16:02:26.000Z
Active Directory query after disabling delegated authentication

Hi, I was hoping someone could help with removing our domain password policy as we have now disabled delegated authentication.

These are not strictly Okta-related, but I’m hoping someone might be able to provide some guidance or has seen this before.

Firstly, passwords are syncing fine from Okta to Active Directory and this is working just as expected, so there’s no issue/query there. We have users in Okta, their accounts/passwords/etc. sync to on-prem AD, and they log on to their domain-joined laptops with their AD accounts. Users and computers are all on the same domain.

We have removed the password policy from our default domain policy, the change has replicated across GPOs on other DCs, and there is no password policy being applied via any other GPOs.

However, when running the PS query `Get-ADDefaultDomainPasswordPolicy`, it still shows the password policy criteria that were removed from the domain policy. The local security policy and local group policy on the domain controllers show the password criteria, so I assume that’s where it’s coming from. The local security policy and local group policy on the laptops are just showing what looks like some default settings.

Has anyone got any advice on what to do? The password policy in Okta is the same as the password policy that was previously configured on the default domain policy. The users are going to be due to change their passwords in a few weeks and I’m not sure if this is going to cause them any issues.

Thanks


This question is closed.