Fine-grained passwords can be implemented by following these tasks:
Raise the Domain Functional Level to 2008 if not already.
Run ADSIedit
adsiedit.msc
Connect to the naming context
Expand <Domain> --> System --> Password Settings Container
Right-click & create Object
Enter Attribute Values:
CN StaffPasswords ()
msDS-PasswordSettingsPrecedence 10
msDS-PasswordReversibleEncryptionEnabled False
msDS-PasswordHistoryLength 25
msDS-PasswordComplexityEnabled True
msDS-MinimumPasswordLength 12
msDS-MinimumPasswordAge 1:00:00:00
msDS-MaximumPasswordAge 30:00:00:00
msDS-LockoutThreshold 10
msDS-LockoutObservationWindow 0:00:30:00
msDS-LockoutDuration 0:00:30:00
The password policy now needs to be applied to a security group:
Open Active Directory Users and Computers
View --> Advanced Features
Expand <Domain> --> System --> Password Settings Container
Open CustomPassword properties
Edit msDS-PSOAppliesTo attribute
Add AllStaff (Security Group)
View --> Advanced Features
Expand <Domain> --> System --> Password Settings Container
Open CustomPassword properties
Edit msDS-PSOAppliesTo attribute
Add AllStaff (Security Group)
Share this blog post on social media:
Tweet
Latest Blog Posts
- vSphere 7 U1 - Part 3 - Creating a Datacenter, HA/DRS Cluster and Adding a Host
- vSphere 7 U1 - Part 2 - Deploying vCenter 7.0 U1 VCSA
- vSphere 7 U1 - Part 1 - Installing ESXi 7.0 U1
- Veeam CBT Data is Invalid - Reset CBT Without Powering Off VM
- View Administrator Blank Error Dialog/Window After Upgrade