Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

Set spesific AD Password Policy

Hello,

My problem is as you know in AD the complex password means using min.3 of the followings.

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)
   *Special Character (*,?!-)

In my environment I'm using password synchronization by oracle IDM tool and I need to spesifically set the characters which needs to be used. For example I want to set my password policy as below:

Users's passwords has to include the following character sets

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)

as far as I know in AD standards there is no such a way to do that. Do you know any other method that I can use?

any comment will be appreciated.
thank you.
0
certuran
Asked:
certuran
3 Solutions
 
KCTSCommented:
There are no faculties built into Windows/AD to do this but you can use a 3rd party tool - eg http://www.anixis.com/products/ppe/default.htm
0
 
Mike KlineCommented:
specops is another one that I've seen used   http://www.specopssoft.com/products/specops-password-policy 

In very rare cases people with  a dev team write their own filter but that is a very small percentage of places

Thanks

Mike
0
 
McKnifeCommented:
Although I run ppe by anixis myself and like it a lot, maybe you would like to try http://opensource.w2k.vt.edu/adpasswordfilter.php
This would be free.

But there are reasons against it: read my advice here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27716770.html#a37967370
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
McKnifeCommented:
Be at least sure not to run adpasswordfilter on 2012 R2. It breaks the whole and it can't be reverted by uninstalling it. I did this in a vm testlab and had to use the checkpoint (=snapshot) I set before.

But maybe it runs on 2008 R2 as well as on 2008 (which it is being advertised for).
0
 
daniel0Commented:
Would you be intrested in any third party application..??
0
 
certuranAuthor Commented:
Hello,
thank you very much for your offers.
I will try anixis and specops in my test domain in order to see the result.
for the opensource solution I couldn't be so sure. I don't wanna take risk even in my test environmet.
what is your advise for anixis and specops. both tools seems powerfull. did you have any experience with them?

thank you.
0
 
McKnifeCommented:
You would need someone who knows both :)
We use ppe (anixix) since 2years. Super. Simple and flawless.
0
 
certuranAuthor Commented:
thank you for the comment. I will finish my test tomorrow. let you for the result.
have a nice evening.
0
 
certuranAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for certuran's comment #a39688559

for the following reason:

thanks
0
 
McKnifeCommented:
You selected no answer yet
0
 
McKnifeCommented:
I would evenly split between http:#a39684414, http:#a39684541 and http:#a39685931
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now