Solved

enforce maximum password lenght in Active directory (Windows 2003 Server)

Posted on 2010-09-13
8
1,310 Views
Last Modified: 2012-05-10
Hello,

I can set the minimum password lenght, which is great.  But how can I force the password lenght to be no more than say 10 characters?  Is there s hidden setting or a script that will do this?

I would like the users to be able to enter passwords with a minimumn lenght of 6 and maximum lenght of 10 characters.

Thank you
0
Comment
Question by:hockeyhalloffame
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33663812
I'm pretty sure AD does not have anything built-in that will max it out,  but I'm curious as to why you would want to in the first place?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33663822
No hidden setting or native way in group policy to set a "maximum password length" attribute (only minimum like you have noted)
Why do you want to limit them?
Thanks
Mike
0
 
LVL 4

Expert Comment

by:andy_maskell
ID: 33663897
Unfortunately I don't think there is a way to set a maximum password length, only a minimum. The default maximum size is 28 character I believe and you are stuck with it.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:hockeyhalloffame
ID: 33663898
My environment has a couple Iseries in the mix.  I want the user/password to be the same for the user's windows and Iseries sessions.  Its password is maxed out at 10 chars.
0
 
LVL 4

Expert Comment

by:andy_maskell
ID: 33664254
Well as there is no way to do it with AD, I can only suggest you provide them with passwords rather than letting the users chose there own and locking out their ability to change it. Although depending on the size of the network this may be impracticle.
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 33664868
You can only do that with a 3rd-party tool (for example from http://www.anixis.com/, http://www.specopssoft.com/); the standard password filter doesn't allow for this.
And in case that helps any, here's a dll that would allow you to run a script when a user changes his AD password (functionality is included in Anixis' PPE, don't know about the Specops Password Policy):
Password Filter DLL
http://sourceforge.net/projects/passwdhk/
0
 

Author Comment

by:hockeyhalloffame
ID: 33665247
Great - Thank you.  PPE looks like something that could work for us.  I will evaluate it and come back and post my findings probably within the next week.
0
 

Author Comment

by:hockeyhalloffame
ID: 33850224
The 3rd party tool from Anixis does the trick for us.    Thank you for the tip.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question