Home Microsoft Windows Server 2008 and Server 2008 R2
AD DS - Fine Grained Password Policies Print E-mail


Fine-grained passwords can be implemented by following these tasks:
Raise the Domain Functional Level to 2008 if not already.

Run ADSIedit

adsiedit.msc

Connect to the naming context

Expand <Domain> --> System --> Password Settings Container
Right-click & create Object


Enter Attribute Values:

CN StaffPasswords ()
msDS-PasswordSettingsPrecedence 10
msDS-PasswordReversibleEncryptionEnabled False
msDS-PasswordHistoryLength 25
msDS-PasswordComplexityEnabled True
msDS-MinimumPasswordLength 12
msDS-MinimumPasswordAge 1:00:00:00
msDS-MaximumPasswordAge 30:00:00:00
msDS-LockoutThreshold 10
msDS-LockoutObservationWindow 0:00:30:00
msDS-LockoutDuration 0:00:30:00


The password policy now needs to be applied to a security group:
Open Active Directory Users and Computers
View --> Advanced Features
Expand <Domain> --> System --> Password Settings Container
Open CustomPassword properties
Edit msDS-PSOAppliesTo attribute
Add AllStaff (Security Group)





< Prev   Next >
 

        
            

      

 

DISCLAIMER: All advice, tips, guides and other information on this website is provided as-is with no warranty or guarantee. While most information is correct to the best of my knowledge, I am not reponsible for any issues that may arise in using the information, and you do so at your own risk. As always before doing anything; check, double check, test and always make a backup.

 

Popular

Help VMadmin

All resources on this site are provided absolutley free. However it takes time and money to keep the site running. If any information has been helpful to you or your company, and you wish to make a donation to help keep VMadmin.co.uk running you can do so via paypal, and it would be much appreciated.

Click to donate to VMadmin.co.uk via paypal.