Fine-grained password policies let you specify multiple password policies within a single domain. You can use them to apply different password and account lockout restrictions to different sets of users in a domain.

One of the nice features introduced in Windows Server 2010 “Server 8 beta” AD DS is the ability to configure fine-grained password policies through the GUI.

In this post we will walk through the configuration steps to create and assign different password policies to different user groups within the same Active Directory domain. The table below gives an example of different password policy requirements:

| Group Name/Setting | Group1 | Group2 | Group3 |
|---|---|---|---|
| Policy Name | Poli-Group1 | Poli-Group2 | Poli-Group3 |
| Minimum password length | 2 | 6 | 19 |
| Minimum password age | 1 | 2 | 14 |
| Enforce password history | 24 | 15 | none |

To configure the password policies as per the table above:

1. Log in with a domain admin account to a machine that has the Active Directory administration tools, and open Server Manager.

2. Go to Tools and open Active Directory Administrative Center.

3. Click on Tree View.

4. Navigate to the System container, then to the Password Settings Container.

5. Right-click Password Settings Container, then choose New > Password Policy.

6. Specify the password policy settings for each of the required policies.

7. Click Add to link the created policy to the users' security group “Group1”.

8. Repeat steps 5-7 for the remaining policies.