Improve company productivity with a Business Account.Sign Up

x
?
Solved

Set spesific AD Password Policy

Posted on 2013-11-28
13
Medium Priority
?
254 Views
Last Modified: 2014-05-08
Hello,

My problem is as you know in AD the complex password means using min.3 of the followings.

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)
   *Special Character (*,?!-)

In my environment I'm using password synchronization by oracle IDM tool and I need to spesifically set the characters which needs to be used. For example I want to set my password policy as below:

Users's passwords has to include the following character sets

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)

as far as I know in AD standards there is no such a way to do that. Do you know any other method that I can use?

any comment will be appreciated.
thank you.
0
Comment
Question by:certuran
11 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 672 total points
ID: 39684414
There are no faculties built into Windows/AD to do this but you can use a 3rd party tool - eg http://www.anixis.com/products/ppe/default.htm
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 664 total points
ID: 39684541
specops is another one that I've seen used   http://www.specopssoft.com/products/specops-password-policy 

In very rare cases people with  a dev team write their own filter but that is a very small percentage of places

Thanks

Mike
0
 
LVL 59

Assisted Solution

by:McKnife
McKnife earned 664 total points
ID: 39685931
Although I run ppe by anixis myself and like it a lot, maybe you would like to try http://opensource.w2k.vt.edu/adpasswordfilter.php
This would be free.

But there are reasons against it: read my advice here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27716770.html#a37967370
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
LVL 59

Expert Comment

by:McKnife
ID: 39685981
Be at least sure not to run adpasswordfilter on 2012 R2. It breaks the whole and it can't be reverted by uninstalling it. I did this in a vm testlab and had to use the checkpoint (=snapshot) I set before.

But maybe it runs on 2008 R2 as well as on 2008 (which it is being advertised for).
0
 
LVL 2

Expert Comment

by:daniel0
ID: 39686010
Would you be intrested in any third party application..??
0
 

Author Comment

by:certuran
ID: 39688548
Hello,
thank you very much for your offers.
I will try anixis and specops in my test domain in order to see the result.
for the opensource solution I couldn't be so sure. I don't wanna take risk even in my test environmet.
what is your advise for anixis and specops. both tools seems powerfull. did you have any experience with them?

thank you.
0
 
LVL 59

Expert Comment

by:McKnife
ID: 39688557
You would need someone who knows both :)
We use ppe (anixix) since 2years. Super. Simple and flawless.
0
 

Author Comment

by:certuran
ID: 39688559
thank you for the comment. I will finish my test tomorrow. let you for the result.
have a nice evening.
0
 

Author Comment

by:certuran
ID: 40027025
I've requested that this question be closed as follows:

Accepted answer: 0 points for certuran's comment #a39688559

for the following reason:

thanks
0
 
LVL 59

Expert Comment

by:McKnife
ID: 40027026
You selected no answer yet
0
 
LVL 59

Expert Comment

by:McKnife
ID: 40040800
I would evenly split between http:#a39684414, http:#a39684541 and http:#a39685931
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question