none
Can we change Password complexity requirements

    Question

  • Hi Team,

    Our current AD infrastructure is running windows 2012 R2. We have enabled password complexity requirements.

    As per our company policy the password must meet Uppercase letters, Lower letters, Base 10 digits and special characters (Eg. User@123). But Microsoft password complexity is if any 3 above is meet is accepted (Eg. User123 or user@123). Is there any way I can change the password complexity requirements as per our company policy?

    https://technet.microsoft.com/en-us/library/hh994562(v=ws.11).aspx

    Thanks,

    Vamshi Krishna


    vamshi

    Monday, March 6, 2017 6:48 AM

All replies

  • Hi,

    Thank you for your reply. I applied Fine Grained password policy and the password complexity is same. Is there any other way?


    vamshi

    Monday, March 6, 2017 7:54 AM
  • Hello,

    Unfortunately you cannot do this using the built-in tools. 

    There are two common ways to achieve this:

    • Use some Identity Management software. In this case, if the software you have chosen supports custom complexity requirements you will be able to set them up when you modify passwords through this app. However, as your custom requirements are lower that AD default ones, you will have to disable complexity enforcement in AD to do so. This would mean that it will be possible to set weaker passwords when someone modifies them directly in AD. Therefore you will need to modify your processes to ensure that the Identity Management app should be the source of all password updates and not AD directly.
    • Modify password DLLs. This requires custom development. I am not sure how this can be done, but it is mentioned that it is possible to do that. However, this may introduce additional risks as you modify some essential windows components.

    As you may see, both these ways introduce operational and technical complexity and challenges, so you need to thoroughly consider why you would want to use the custom complexity requiirements and if the returned benefit is worth it.

    /Regards


    Monday, March 6, 2017 7:56 AM
  • Monday, March 6, 2017 2:02 PM
  • Hi Vamshi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 10, 2017 8:10 AM
    Moderator