Active Directory 2012

Active Directory – Create Fine-grained password

Before Windows Server 2008, password management was limited: only one password policy and one lockout policy could be applied to all users in the domain. As a result, some organizations created several domains just to manage different sets of user password policies.

With Windows Server 2008, Microsoft introduced Fine-Grained Password Policies. With this object, you can create multiple password policies in the same domain and assign each one to a specific user group. However, there was no built-in GUI to create a fine-grained policy. We had to use ADSIEdit and the Attribute Editor to assign a policy to a user group.

Windows Server 2012 adds a wizard in Active Directory Administrative Center for creating fine-grained policies. Let's see how this makes the task easier.

Administrative Center

We need to use Active Directory Administrative Center to create a fine-grained policy with a GUI.

  • Go to Active Directory Administrative Center:
Active Directory Administrative Center

  • Select your domain on the left, and click on the System container:
Administrative Center System Container

  • Select Password Settings Container:
Password Settings Container

  • Select New and Password Settings on the right:
New Fine-grained password

Fine-grained custom policy

Now the wizard to create your custom policy appears.

  • Set the information required by the wizard, like password length, complexity, …
  • Assign this policy to a user group.
Fine-grained policy Wizard

Resultant of policy

Active Directory Administrative Center lets us quickly check the password policy that applies to a user:

  • Go to the user account.
  • Right-click and select “View Resultant password settings”.
User Password policy
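
The same create, assign and verify steps can be scripted with the ActiveDirectory PowerShell module, which makes the policy repeatable and reviewable. This is an added example, not part of the original post; the policy name, group name, user name and all setting values are hypothetical and should be replaced with your own.

```powershell
# Added example: every name and value below is a hypothetical placeholder.
Import-Module ActiveDirectory

$policyName = 'PSO-PrivilegedAdmins'   # hypothetical Password Settings Object name
$groupName  = 'Privileged-Admins'      # hypothetical global security group
$userName   = 'jdoe'                   # hypothetical member of that group

# Create the Password Settings Object only if it does not already exist.
$pso = Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'"
if (-not $pso) {
    $settings = @{
        Name                            = $policyName
        Precedence                      = 10            # lower value wins on conflict
        MinPasswordLength               = 15
        ComplexityEnabled               = $true
        ReversibleEncryptionEnabled     = $false        # never store reversible passwords
        PasswordHistoryCount            = 24
        MinPasswordAge                  = '1.00:00:00'  # 1 day
        MaxPasswordAge                  = '60.00:00:00' # 60 days
        LockoutThreshold                = 5
        LockoutObservationWindow        = '00:30:00'
        LockoutDuration                 = '00:30:00'    # must be >= observation window
        ProtectedFromAccidentalDeletion = $true
    }
    New-ADFineGrainedPasswordPolicy @settings
}

# Assign the policy to the group, skipping the call if it is already a subject.
$subjects = Get-ADFineGrainedPasswordPolicySubject -Identity $policyName
if ($subjects.SamAccountName -notcontains $groupName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $groupName
}

# Verify what actually applies to a user (the "resultant" policy).
# The cmdlet returns nothing when only the default domain policy applies.
$resultant = Get-ADUserResultantPasswordPolicy -Identity $userName
if ($null -eq $resultant) {
    Write-Warning "No fine-grained policy applies to $userName; the domain default is in effect."
} elseif ($resultant.Name -ne $policyName) {
    Write-Warning "$userName is governed by '$($resultant.Name)' (precedence $($resultant.Precedence)), not '$policyName'."
} else {
    $resultant | Select-Object Name, Precedence, MinPasswordLength, ComplexityEnabled, LockoutThreshold
}
```

The resultant check matters when a user belongs to several groups with different policies: only the policy with the lowest precedence value takes effect.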

More

You can get more information about fine-grained password policies here.
