none
changing minimum password length AD 2003

    Question

  • We currently have a minimum password length of 6 characters, but we need to change it to 8 characters. My question is, what are the reprocussions of doing this? what will happen to any user or service acount that has a password less than 8 characters at the time of change? will they be locked out or required to change their password at the next login?

    We have a lot of service accounts. some log in interactively, others just connect to share drives where a script moves files. Due to poor record keeping over the years, we have no idea who owns some of these, what they do, or what the password is. Will these processes break when we change the requirement?

     

    we have a 2003 active directory enviornment.

     

    Thanks in advance!

    Wednesday, April 06, 2011 6:53 PM

Answers

  • Hello,

    AFAIK users will not be prompted to change their password at next logon after the appliance of the new password policy. They should change their passwords when the maximum password age is over.

    Example:

    You changed the required number of characters from 6 to 8 and a user had to change his password with max 2 days (This is before the appliance). After the appliance, just the required number of characters will be applied and the user should change his password after max 2 days.

    You can use password never expire option if you want that a user password never expire.

    If you had 2008 domain FL, you will be able to apply multiple password policies.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    • Marked as answer by chrisharlow Thursday, April 07, 2011 2:50 PM
    Wednesday, April 06, 2011 7:12 PM

All replies

  • Hello,

    AFAIK users will not be prompted to change their password at next logon after the appliance of the new password policy. They should change their passwords when the maximum password age is over.

    Example:

    You changed the required number of characters from 6 to 8 and a user had to change his password with max 2 days (This is before the appliance). After the appliance, just the required number of characters will be applied and the user should change his password after max 2 days.

    You can use password never expire option if you want that a user password never expire.

    If you had 2008 domain FL, you will be able to apply multiple password policies.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    • Marked as answer by chrisharlow Thursday, April 07, 2011 2:50 PM
    Wednesday, April 06, 2011 7:12 PM
  • so, if I understand you correctly,... changing the minimum password length requirement will not immediately force anyone whose password does not comply to change it. they will however be forced to use the new requirements when their passord expires. correct?
    Wednesday, April 06, 2011 7:16 PM
  • AFAIK, it is like that. Yes.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Wednesday, April 06, 2011 7:25 PM
  • Yes, the new policy applies the next time they change their password. They are fine in the meantime.

     


    Richard Mueller - MVP Directory Services
    Thursday, April 07, 2011 2:20 AM
  • Thanks everyone!
    Thursday, April 07, 2011 2:50 PM