Share via

Create Custom Password Policy on AD

Tamerlan Imanov 1 Reputation point
2020-12-03T12:09:25.133+00:00

I have an active directory on Windows Server 2016 Standard.

How to create custom password policy on Active Directory? I do not mean standard fine-grained policy with just length of password and number of remembered passwords. I mean I need to prohibit to use names, surname, cities etc. as password.

How to do that?

Please assist.

Thank you for your attention.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abhijeet-MSFT 551 Reputation points Microsoft Employee
    2020-12-04T06:49:33.917+00:00

    @Tamerlan Imanov , On-premise AD does not have the ability to block out passwords (names, cities, etc). However you can use Azure AD password protection policy for on-premise domain controllers.

    "Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. On-premises deployment of Azure AD Password Protection uses the same global and custom banned password lists that are stored in Azure AD, and does the same checks for on-premises password changes as Azure AD does for cloud-based changes. These checks are performed during password changes and password reset events against on-premises Active Directory Domain Services (AD DS) domain controllers."

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises

    1 person found this answer helpful.
    0 comments
  2. Andreas Baumgarten 131.6K Reputation points MVP Volunteer Moderator
    2020-12-03T13:11:55.947+00:00

    As far as I know this is not possible in AD by default.

    Maybe this is helpful for you: https://specopssoft.com/product/specops-password-policy/#create-compliant-password-policies

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2020-12-04T00:27:14.227+00:00

    Hi,

    As @Andreas Baumgarten and @Thameur-BOURBITA said It is not possible to create custom password policy on Active Directory.
    There are 2 ways to set password: Fine-Grained policy and Domain Default GPO.

    Best Regards,

    0 comments
  4. Thameur-BOURBITA 36,526 Reputation points Moderator
    2020-12-03T22:29:28.79+00:00

    Hi,

    By default with active directory provide two options to apply a password policy : fine-grained policy and domain default GPO.

    If you want to apply a custom policy , you should use a third party tools.

    Please don't forget to mark this reply as answer if it help you to fix your issue

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.