Fine-grained passwords can be implemented by following these tasks:
Raise the Domain Functional Level to 2008 if not already.

Run ADSIedit

adsiedit.msc

Connect to the naming context

Expand <Domain> --> System --> Password Settings Container
Right-click & create Object


Enter Attribute Values:

CN StaffPasswords ()
msDS-PasswordSettingsPrecedence 10
msDS-PasswordReversibleEncryptionEnabled False
msDS-PasswordHistoryLength 25
msDS-PasswordComplexityEnabled True
msDS-MinimumPasswordLength 12
msDS-MinimumPasswordAge 1:00:00:00
msDS-MaximumPasswordAge 30:00:00:00
msDS-LockoutThreshold 10
msDS-LockoutObservationWindow 0:00:30:00
msDS-LockoutDuration 0:00:30:00


The password policy now needs to be applied to a security group:
Open Active Directory Users and Computers
View --> Advanced Features
Expand <Domain> --> System --> Password Settings Container
Open CustomPassword properties
Edit msDS-PSOAppliesTo attribute
Add AllStaff (Security Group)

Share this blog post on social media:

Latest Blog Posts

Popular

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes

We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok Decline