Fine-grained passwords can be implemented by following these tasks:
Raise the Domain Functional Level to 2008 if not already.

Run ADSIedit


Connect to the naming context

Expand <Domain> --> System --> Password Settings Container
Right-click & create Object

Enter Attribute Values:

CN StaffPasswords ()
msDS-PasswordSettingsPrecedence 10
msDS-PasswordReversibleEncryptionEnabled False
msDS-PasswordHistoryLength 25
msDS-PasswordComplexityEnabled True
msDS-MinimumPasswordLength 12
msDS-MinimumPasswordAge 1:00:00:00
msDS-MaximumPasswordAge 30:00:00:00
msDS-LockoutThreshold 10
msDS-LockoutObservationWindow 0:00:30:00
msDS-LockoutDuration 0:00:30:00

The password policy now needs to be applied to a security group:
Open Active Directory Users and Computers
View --> Advanced Features
Expand <Domain> --> System --> Password Settings Container
Open CustomPassword properties
Edit msDS-PSOAppliesTo attribute
Add AllStaff (Security Group)

Share this blog post on social media:

Social Links


All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes