none
Complexity requirement enable question

    Question

  • Hello,

    I didn't ask end users to place a special character in their passwords. So if I enable "Password must meet complexity requirements" in the GP, will users get locked out?

    I am unsure because I don't see any settings to toggle the special characters on/off and in the "Explain" tab for the setting it states:

    "

    If this policy is enabled, passwords must meet the following minimum requirements:
    ....
    Non-alphabetic characters (for example, !, $, #, %)"

    I am wondering if that is just generic explanation though.

    We are in an Exchange 2010 SP3 + O365 Hybrid configuration.


    Thank You, Joe

    Tuesday, October 11, 2016 2:52 PM

Answers

  • Hi Joe,

    Thanks. But is a special character required even though I don't see a setting for it? Is it just "baked in“

    >>>Which GPO you have configured for password policy?

    You should configure account policy in default domain policy.

    For domain accounts, there can be only one account policy per domain. The account policy must be defined in the Default Domain Policy or in a new policy that is linked to the root of the domain and given precedence over the Default Domain Policy, which is enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from a Group Policy object (GPO)linked to the domain, which by default is the Default Domain Policy GPO. This behavior occurs even if there is a different account policy applied to the organizational unit (OU) that contains the domain controller.

    For more information, please refer to the article below.

    Account Policy Settings

    https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 12, 2016 4:58 AM
    Moderator

All replies

  • From first-hand experience, users will not get locked out if you change the password policy on them - they will only be required to meet the password complexity requirement at their next password change.  You're good to go to do this now.

    Best Regards, Todd Heron | Active Directory Consultant

    Tuesday, October 11, 2016 2:56 PM
  • Thanks. But is a special character required even though I don't see a setting for it? Is it just "baked in"?

    Thank You, Joe

    Tuesday, October 11, 2016 3:00 PM
  • Hi Joe,

    Thanks. But is a special character required even though I don't see a setting for it? Is it just "baked in“

    >>>Which GPO you have configured for password policy?

    You should configure account policy in default domain policy.

    For domain accounts, there can be only one account policy per domain. The account policy must be defined in the Default Domain Policy or in a new policy that is linked to the root of the domain and given precedence over the Default Domain Policy, which is enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from a Group Policy object (GPO)linked to the domain, which by default is the Default Domain Policy GPO. This behavior occurs even if there is a different account policy applied to the organizational unit (OU) that contains the domain controller.

    For more information, please refer to the article below.

    Account Policy Settings

    https://technet.microsoft.com/en-us/library/cc757692%28v=ws.10%29.aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 12, 2016 4:58 AM
    Moderator
  • Hi,

    Are there any updates?

    If the reply above has resolved your problem, please mark it as answer as it would be helpful to anyone who encounters the similar issue.

    Thank You.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 17, 2016 2:32 AM
    Moderator