Solved

Set spesific AD Password Policy

Posted on 2013-11-28
13
241 Views
Last Modified: 2014-05-08
Hello,

My problem is as you know in AD the complex password means using min.3 of the followings.

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)
   *Special Character (*,?!-)

In my environment I'm using password synchronization by oracle IDM tool and I need to spesifically set the characters which needs to be used. For example I want to set my password policy as below:

Users's passwords has to include the following character sets

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)

as far as I know in AD standards there is no such a way to do that. Do you know any other method that I can use?

any comment will be appreciated.
thank you.
0
Comment
Question by:certuran
13 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 168 total points
ID: 39684414
There are no faculties built into Windows/AD to do this but you can use a 3rd party tool - eg http://www.anixis.com/products/ppe/default.htm
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 166 total points
ID: 39684541
specops is another one that I've seen used   http://www.specopssoft.com/products/specops-password-policy

In very rare cases people with  a dev team write their own filter but that is a very small percentage of places

Thanks

Mike
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 39685931
Although I run ppe by anixis myself and like it a lot, maybe you would like to try http://opensource.w2k.vt.edu/adpasswordfilter.php
This would be free.

But there are reasons against it: read my advice here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27716770.html#a37967370
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39685981
Be at least sure not to run adpasswordfilter on 2012 R2. It breaks the whole and it can't be reverted by uninstalling it. I did this in a vm testlab and had to use the checkpoint (=snapshot) I set before.

But maybe it runs on 2008 R2 as well as on 2008 (which it is being advertised for).
0
 
LVL 2

Expert Comment

by:daniel0
ID: 39686010
Would you be intrested in any third party application..??
0
 

Author Comment

by:certuran
ID: 39688548
Hello,
thank you very much for your offers.
I will try anixis and specops in my test domain in order to see the result.
for the opensource solution I couldn't be so sure. I don't wanna take risk even in my test environmet.
what is your advise for anixis and specops. both tools seems powerfull. did you have any experience with them?

thank you.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39688557
You would need someone who knows both :)
We use ppe (anixix) since 2years. Super. Simple and flawless.
0
 

Author Comment

by:certuran
ID: 39688559
thank you for the comment. I will finish my test tomorrow. let you for the result.
have a nice evening.
0
 

Author Comment

by:certuran
ID: 40027025
I've requested that this question be closed as follows:

Accepted answer: 0 points for certuran's comment #a39688559

for the following reason:

thanks
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40027026
You selected no answer yet
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40040800
I would evenly split between http:#a39684414, http:#a39684541 and http:#a39685931
0

Join & Write a Comment

My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now