[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Set spesific AD Password Policy

Posted on 2013-11-28
13
Medium Priority
?
253 Views
Last Modified: 2014-05-08
Hello,

My problem is as you know in AD the complex password means using min.3 of the followings.

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)
   *Special Character (*,?!-)

In my environment I'm using password synchronization by oracle IDM tool and I need to spesifically set the characters which needs to be used. For example I want to set my password policy as below:

Users's passwords has to include the following character sets

   *Uppercase Character (A-Z)
   *Lowercase Character(a-z)
   *Numeric value (0-9)

as far as I know in AD standards there is no such a way to do that. Do you know any other method that I can use?

any comment will be appreciated.
thank you.
0
Comment
Question by:certuran
11 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 672 total points
ID: 39684414
There are no faculties built into Windows/AD to do this but you can use a 3rd party tool - eg http://www.anixis.com/products/ppe/default.htm
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 664 total points
ID: 39684541
specops is another one that I've seen used   http://www.specopssoft.com/products/specops-password-policy 

In very rare cases people with  a dev team write their own filter but that is a very small percentage of places

Thanks

Mike
0
 
LVL 58

Assisted Solution

by:McKnife
McKnife earned 664 total points
ID: 39685931
Although I run ppe by anixis myself and like it a lot, maybe you would like to try http://opensource.w2k.vt.edu/adpasswordfilter.php
This would be free.

But there are reasons against it: read my advice here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27716770.html#a37967370
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 58

Expert Comment

by:McKnife
ID: 39685981
Be at least sure not to run adpasswordfilter on 2012 R2. It breaks the whole and it can't be reverted by uninstalling it. I did this in a vm testlab and had to use the checkpoint (=snapshot) I set before.

But maybe it runs on 2008 R2 as well as on 2008 (which it is being advertised for).
0
 
LVL 2

Expert Comment

by:daniel0
ID: 39686010
Would you be intrested in any third party application..??
0
 

Author Comment

by:certuran
ID: 39688548
Hello,
thank you very much for your offers.
I will try anixis and specops in my test domain in order to see the result.
for the opensource solution I couldn't be so sure. I don't wanna take risk even in my test environmet.
what is your advise for anixis and specops. both tools seems powerfull. did you have any experience with them?

thank you.
0
 
LVL 58

Expert Comment

by:McKnife
ID: 39688557
You would need someone who knows both :)
We use ppe (anixix) since 2years. Super. Simple and flawless.
0
 

Author Comment

by:certuran
ID: 39688559
thank you for the comment. I will finish my test tomorrow. let you for the result.
have a nice evening.
0
 

Author Comment

by:certuran
ID: 40027025
I've requested that this question be closed as follows:

Accepted answer: 0 points for certuran's comment #a39688559

for the following reason:

thanks
0
 
LVL 58

Expert Comment

by:McKnife
ID: 40027026
You selected no answer yet
0
 
LVL 58

Expert Comment

by:McKnife
ID: 40040800
I would evenly split between http:#a39684414, http:#a39684541 and http:#a39685931
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question