Solved

Set spesific AD Password Policy

Posted on 2013-11-28
13
246 Views
Last Modified: 2014-05-08
Hello,

My problem is as you know in AD the complex password means using min.3 of the followings.

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)
   *Special Character (*,?!-)

In my environment I'm using password synchronization by oracle IDM tool and I need to spesifically set the characters which needs to be used. For example I want to set my password policy as below:

Users's passwords has to include the following character sets

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)

as far as I know in AD standards there is no such a way to do that. Do you know any other method that I can use?

any comment will be appreciated.
thank you.
0
Comment
Question by:certuran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 168 total points
ID: 39684414
There are no faculties built into Windows/AD to do this but you can use a 3rd party tool - eg http://www.anixis.com/products/ppe/default.htm
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 166 total points
ID: 39684541
specops is another one that I've seen used   http://www.specopssoft.com/products/specops-password-policy 

In very rare cases people with  a dev team write their own filter but that is a very small percentage of places

Thanks

Mike
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 39685931
Although I run ppe by anixis myself and like it a lot, maybe you would like to try http://opensource.w2k.vt.edu/adpasswordfilter.php
This would be free.

But there are reasons against it: read my advice here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27716770.html#a37967370
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 54

Expert Comment

by:McKnife
ID: 39685981
Be at least sure not to run adpasswordfilter on 2012 R2. It breaks the whole and it can't be reverted by uninstalling it. I did this in a vm testlab and had to use the checkpoint (=snapshot) I set before.

But maybe it runs on 2008 R2 as well as on 2008 (which it is being advertised for).
0
 
LVL 2

Expert Comment

by:daniel0
ID: 39686010
Would you be intrested in any third party application..??
0
 

Author Comment

by:certuran
ID: 39688548
Hello,
thank you very much for your offers.
I will try anixis and specops in my test domain in order to see the result.
for the opensource solution I couldn't be so sure. I don't wanna take risk even in my test environmet.
what is your advise for anixis and specops. both tools seems powerfull. did you have any experience with them?

thank you.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39688557
You would need someone who knows both :)
We use ppe (anixix) since 2years. Super. Simple and flawless.
0
 

Author Comment

by:certuran
ID: 39688559
thank you for the comment. I will finish my test tomorrow. let you for the result.
have a nice evening.
0
 

Author Comment

by:certuran
ID: 40027025
I've requested that this question be closed as follows:

Accepted answer: 0 points for certuran's comment #a39688559

for the following reason:

thanks
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40027026
You selected no answer yet
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40040800
I would evenly split between http:#a39684414, http:#a39684541 and http:#a39685931
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question