I did notice that there are similar answers about this situation, such as this one.
But I'm still confused, so I need some opinions.

I'm currently creating some custom group policies in a Windows Server 2019 domain environment.
In Group Policy Management, I never touch the "Default Domain Policy" and "Default Domain Controllers Policy". I created a sub-OU under the "Domain Controllers" OU and put the only AD domain controller computer in it for precise management.

The goal is to apply a custom group policy, which has only the "account policies" related settings (such as "computer configuration\windows settings\security settings\account policies\password policy\minimum password age") configured, to the AD domain controller computer.

So the custom group policy was prepared for OU to link.

After linking this custom group policy to the OU where the AD domain controller computer is located and executing "gpupdate /force" on this AD domain controller computer, I didn't see any settings of my custom group policy take effect according to the generated "gpresult" .html file.

The gpresult report showed no signs of the custom group policy.
The "account policies" related settings are still using "Default Domain Policy"'s configuration.

Note that even when I rebooted this AD domain controller computer or enforced my custom group policy, the custom settings just won't work.

And the weirdest part is, when I apply the same custom group policy to other OUs, there's no problem with those computers.

I'm afraid that blocking inheritance from the Default Domain Policy would cause trouble for this AD domain controller computer.
Can anyone give me some hints about why the Default Domain Policy overrides the custom group policy?

  • AD reads those settings from the root of the domain. That is the expected behavior. See: https://serverfault.com/questions/345937/what-group-policy-settings-must-be-set-within-the-default-domain-policy – Greg Askew Sep 23 '23 at 08:19
  • Does this document: https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/group-policy-application-rules-for-domain-controller apply to win2019 AD domain group policy too? – user53815 Sep 24 '23 at 12:49
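
A read-only check for the behaviour described in the comments above, added here as an example and not part of the original thread: it prints the password and lockout policy the domain actually enforces, then lists the GPOs linked at the domain root and which account policy settings each one defines. It assumes the ActiveDirectory and GroupPolicy RSAT modules are installed and that account policy entries appear as `Account` elements in the GPO XML report.

```powershell
# Added example (not from the thread). Read-only; run on a DC or an RSAT host.
Import-Module ActiveDirectory, GroupPolicy

$domain = Get-ADDomain

# 1. The account policy the domain enforces for domain accounts.
Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot |
    Select-Object MinPasswordAge, MaxPasswordAge, MinPasswordLength,
                  PasswordHistoryCount, ComplexityEnabled, LockoutThreshold

# 2. GPOs linked directly at the domain root, in link order.
$rootLinks = (Get-GPInheritance -Target $domain.DistinguishedName).GpoLinks

foreach ($link in $rootLinks) {
    # Pull the GPO's XML report and collect the names of any account policy
    # settings (password, lockout, Kerberos) it defines.
    # Assumption: these are reported as <Account><Name>...</Name></Account>.
    [xml]$report = Get-GPOReport -Guid $link.GpoId -ReportType Xml
    $names = Select-Xml -Xml $report `
                 -XPath "//*[local-name()='Account']/*[local-name()='Name']" |
             ForEach-Object { $_.Node.InnerText }

    [pscustomobject]@{
        Gpo                   = $link.DisplayName
        LinkOrder             = $link.Order
        Enabled               = $link.Enabled
        Enforced              = $link.Enforced
        AccountPolicySettings = ($names -join ', ')
    }
}
```

A custom GPO linked only to an OU under "Domain Controllers" will not appear in the second list, which matches the gpresult output described in the question.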
