How to avoid that the users do not use the same word in the password changes in the active directory

Eduar Muñoz Murcia 41 Reputation points
2022-02-07T15:37:22.407+00:00

How can I control in the active directory that the users do not use the same words when I request the change, being more specific I refer to the following example:

My password in the active directory is: gestion2021 and when it asks me to change the password do not allow me to reuse the word management, that forces me to change the first word.

This behavior is very common in the password changes of the users at the active directory level, so I would like to know if it is possible to control it by means of some policy or if there is some functionality in the active directory that does it.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,444 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,084 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,822 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Reza-Ameri 16,826 Reputation points
    2022-02-07T16:45:19.737+00:00

    There is no easy way to do it using Windows Active Directory, it is possible to do it using third-party tools or you may try Password filtering. Take a look at:
    https://learn.microsoft.com/en-us/windows/win32/secmgmt/installing-and-registering-a-password-filter-dll
    However, there is a feature in Azure Active Directory called Global banned password list which is exactly what you are looking for, take a look at:
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
    Then you may deploy it in on-premise.

    0 comments No comments

  2. Gary Reynolds 9,391 Reputation points
    2022-02-08T07:47:42.08+00:00

    Hi

    As Reza has said, there is no native method to block password, it will require a third party password filtering solution to provide this functionality, but might not prevent the reuse of an allowed word. The other option is to increase the Password History count, which will not prevent specific words from being used again, but it will prevent the same password being used again within a that number of changes.

    Gary.

    0 comments No comments