Solved

Set spesific AD Password Policy

Posted on 2013-11-28
13
242 Views
Last Modified: 2014-05-08
Hello,

My problem is as you know in AD the complex password means using min.3 of the followings.

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)
   *Special Character (*,?!-)

In my environment I'm using password synchronization by oracle IDM tool and I need to spesifically set the characters which needs to be used. For example I want to set my password policy as below:

Users's passwords has to include the following character sets

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)

as far as I know in AD standards there is no such a way to do that. Do you know any other method that I can use?

any comment will be appreciated.
thank you.
0
Comment
Question by:certuran
13 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 168 total points
ID: 39684414
There are no faculties built into Windows/AD to do this but you can use a 3rd party tool - eg http://www.anixis.com/products/ppe/default.htm
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 166 total points
ID: 39684541
specops is another one that I've seen used   http://www.specopssoft.com/products/specops-password-policy 

In very rare cases people with  a dev team write their own filter but that is a very small percentage of places

Thanks

Mike
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 39685931
Although I run ppe by anixis myself and like it a lot, maybe you would like to try http://opensource.w2k.vt.edu/adpasswordfilter.php
This would be free.

But there are reasons against it: read my advice here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27716770.html#a37967370
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39685981
Be at least sure not to run adpasswordfilter on 2012 R2. It breaks the whole and it can't be reverted by uninstalling it. I did this in a vm testlab and had to use the checkpoint (=snapshot) I set before.

But maybe it runs on 2008 R2 as well as on 2008 (which it is being advertised for).
0
 
LVL 2

Expert Comment

by:daniel0
ID: 39686010
Would you be intrested in any third party application..??
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:certuran
ID: 39688548
Hello,
thank you very much for your offers.
I will try anixis and specops in my test domain in order to see the result.
for the opensource solution I couldn't be so sure. I don't wanna take risk even in my test environmet.
what is your advise for anixis and specops. both tools seems powerfull. did you have any experience with them?

thank you.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39688557
You would need someone who knows both :)
We use ppe (anixix) since 2years. Super. Simple and flawless.
0
 

Author Comment

by:certuran
ID: 39688559
thank you for the comment. I will finish my test tomorrow. let you for the result.
have a nice evening.
0
 

Author Comment

by:certuran
ID: 40027025
I've requested that this question be closed as follows:

Accepted answer: 0 points for certuran's comment #a39688559

for the following reason:

thanks
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40027026
You selected no answer yet
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40040800
I would evenly split between http:#a39684414, http:#a39684541 and http:#a39685931
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now