Solved

enforce maximum password lenght in Active directory (Windows 2003 Server)

Posted on 2010-09-13
8
1,303 Views
Last Modified: 2012-05-10
Hello,

I can set the minimum password lenght, which is great.  But how can I force the password lenght to be no more than say 10 characters?  Is there s hidden setting or a script that will do this?

I would like the users to be able to enter passwords with a minimumn lenght of 6 and maximum lenght of 10 characters.

Thank you
0
Comment
Question by:hockeyhalloffame
8 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33663812
I'm pretty sure AD does not have anything built-in that will max it out,  but I'm curious as to why you would want to in the first place?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33663822
No hidden setting or native way in group policy to set a "maximum password length" attribute (only minimum like you have noted)
Why do you want to limit them?
Thanks
Mike
0
 
LVL 4

Expert Comment

by:andy_maskell
ID: 33663897
Unfortunately I don't think there is a way to set a maximum password length, only a minimum. The default maximum size is 28 character I believe and you are stuck with it.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:hockeyhalloffame
ID: 33663898
My environment has a couple Iseries in the mix.  I want the user/password to be the same for the user's windows and Iseries sessions.  Its password is maxed out at 10 chars.
0
 
LVL 4

Expert Comment

by:andy_maskell
ID: 33664254
Well as there is no way to do it with AD, I can only suggest you provide them with passwords rather than letting the users chose there own and locking out their ability to change it. Although depending on the size of the network this may be impracticle.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 33664868
You can only do that with a 3rd-party tool (for example from http://www.anixis.com/, http://www.specopssoft.com/); the standard password filter doesn't allow for this.
And in case that helps any, here's a dll that would allow you to run a script when a user changes his AD password (functionality is included in Anixis' PPE, don't know about the Specops Password Policy):
Password Filter DLL
http://sourceforge.net/projects/passwdhk/
0
 

Author Comment

by:hockeyhalloffame
ID: 33665247
Great - Thank you.  PPE looks like something that could work for us.  I will evaluate it and come back and post my findings probably within the next week.
0
 

Author Comment

by:hockeyhalloffame
ID: 33850224
The 3rd party tool from Anixis does the trick for us.    Thank you for the tip.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question