Solved

enforce maximum password lenght in Active directory (Windows 2003 Server)

Posted on 2010-09-13
8
1,307 Views
Last Modified: 2012-05-10
Hello,

I can set the minimum password lenght, which is great.  But how can I force the password lenght to be no more than say 10 characters?  Is there s hidden setting or a script that will do this?

I would like the users to be able to enter passwords with a minimumn lenght of 6 and maximum lenght of 10 characters.

Thank you
0
Comment
Question by:hockeyhalloffame
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33663812
I'm pretty sure AD does not have anything built-in that will max it out,  but I'm curious as to why you would want to in the first place?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33663822
No hidden setting or native way in group policy to set a "maximum password length" attribute (only minimum like you have noted)
Why do you want to limit them?
Thanks
Mike
0
 
LVL 4

Expert Comment

by:andy_maskell
ID: 33663897
Unfortunately I don't think there is a way to set a maximum password length, only a minimum. The default maximum size is 28 character I believe and you are stuck with it.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:hockeyhalloffame
ID: 33663898
My environment has a couple Iseries in the mix.  I want the user/password to be the same for the user's windows and Iseries sessions.  Its password is maxed out at 10 chars.
0
 
LVL 4

Expert Comment

by:andy_maskell
ID: 33664254
Well as there is no way to do it with AD, I can only suggest you provide them with passwords rather than letting the users chose there own and locking out their ability to change it. Although depending on the size of the network this may be impracticle.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 33664868
You can only do that with a 3rd-party tool (for example from http://www.anixis.com/, http://www.specopssoft.com/); the standard password filter doesn't allow for this.
And in case that helps any, here's a dll that would allow you to run a script when a user changes his AD password (functionality is included in Anixis' PPE, don't know about the Specops Password Policy):
Password Filter DLL
http://sourceforge.net/projects/passwdhk/
0
 

Author Comment

by:hockeyhalloffame
ID: 33665247
Great - Thank you.  PPE looks like something that could work for us.  I will evaluate it and come back and post my findings probably within the next week.
0
 

Author Comment

by:hockeyhalloffame
ID: 33850224
The 3rd party tool from Anixis does the trick for us.    Thank you for the tip.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question