Password length

    Question

  • 1) What is the maximum password length in Windows 2003? (I think by default it is 14 characters; can I change it?)

    2) How to keep minimum and maximum password length? For example, I want to set password length as minimum 8 characters and maximum 16 characters. How to achieve this?

    Saturday, July 09, 2011 10:51 AM

Answers

  • The documentation (and the schema) has no rangeUpper value for unicode-Pwd. However, I tested and a 127 character password worked. The GUI does not allow you to enter any more. I could not logon with a 128 character password (don't ask me to repeat this test).

     


    Richard Mueller - MVP Directory Services
    Saturday, July 09, 2011 9:05 PM

All replies

  • Hello,

    the minimum length is 14. AFAIK, by default it is 7.

    Using group policies, the maximum length can not be set.

     i want to set password length as minimum 8 characters and maximum 16 character

    You have to set the minimum length to 8. The maximum length cannot be set using group policies.

     



    Saturday, July 09, 2011 12:27 PM
  • Maximum password length - I believe it is 256 ASCII characters or 128 Unicode. 

    Minimum password length – You can use the “minimum password length” option in password complexity.

    http://technet.microsoft.com/en-us/library/cc786468(WS.10).aspx

    If you want to customize these settings, you need to use a custom password filter DLL:

    http://msdn.microsoft.com/en-us/library/ms722439.aspx

    http://msdn.microsoft.com/en-us/library/ms721766(VS.85).aspx#password_filter_functions


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    • Proposed as answer by Morphlin Thursday, March 08, 2012 5:47 AM
    Saturday, July 09, 2011 12:33 PM
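
The length rule that the custom password filter DLL suggested above would enforce, as an added example that is not part of the thread or Microsoft's code: portable C for the 8-to-16 check from the question, with a `PasswordFilter` export compiled only on Windows. The constants, helper names, sample passwords, and the choice to count the minimum in characters and the maximum in UTF-16 code units are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#define MIN_CHARS 8   /* minimum asked for in the question */
#define MAX_UNITS 16  /* maximum asked for in the question */

/* Constructed sample passwords as UTF-16 code units, no terminator. */
const uint16_t PW_SHORT[] = {'a','b','c','1','2','3','!'};              /* 7 units */
const uint16_t PW_OK[]    = {'C','o','r','r','e','c','t','9','!'};      /* 9 units */
const uint16_t PW_LONG[]  = {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q'};
const uint16_t PW_PAIRS[] = {0xD83D,0xDD11, 0xD83D,0xDD11, 0xD83D,0xDD11, 0xD83D,0xDD11};

/* Count code units and code points in a counted buffer whose length is in
 * BYTES (the convention of UNICODE_STRING.Length). Returns -1 if malformed. */
static int utf16_counts(const uint16_t *buf, size_t len_bytes,
                        size_t *units, size_t *points)
{
    if (buf == NULL || len_bytes % 2 != 0) return -1;
    size_t n = len_bytes / 2, cp = 0;
    for (size_t i = 0; i < n; i++, cp++) {
        if (buf[i] >= 0xD800 && buf[i] <= 0xDBFF) {          /* high surrogate */
            if (i + 1 >= n || buf[i + 1] < 0xDC00 || buf[i + 1] > 0xDFFF) return -1;
            i++;                                             /* consume low half */
        } else if (buf[i] >= 0xDC00 && buf[i] <= 0xDFFF) {
            return -1;                                       /* lone low surrogate */
        }
    }
    *units = n; *points = cp;
    return 0;
}

/* 1 = accept, 0 = reject. Policy choice of this example: the minimum counts
 * characters (code points), the maximum counts stored UTF-16 code units. */
int length_rule_ok(const uint16_t *buf, size_t len_bytes)
{
    size_t units, points;
    if (utf16_counts(buf, len_bytes, &units, &points) != 0) return 0;
    return points >= MIN_CHARS && units <= MAX_UNITS;
}

#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>
/* A deployable filter also exports InitializeChangeNotify and PasswordChangeNotify. */
__declspec(dllexport) BOOLEAN __stdcall PasswordFilter(PUNICODE_STRING AccountName,
    PUNICODE_STRING FullName, PUNICODE_STRING Password, BOOLEAN SetOperation)
{
    (void)AccountName; (void)FullName; (void)SetOperation;
    return (BOOLEAN)length_rule_ok((const uint16_t *)Password->Buffer, Password->Length);
}
#endif
```

`PW_PAIRS` is 8 code units but only 4 characters, so it fails the minimum even though a naive `Length / 2` check would pass it.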
  • The userPassword attribute has maximum length 128 and format UTF-8.

    http://msdn.microsoft.com/en-us/library/ms680851(VS.85).aspx

     


    Richard Mueller - MVP Directory Services
    Saturday, July 09, 2011 3:17 PM
  • The Unicode-Pwd attribute is the one used (not userPassword, if we're talking
    about user objects and the password that the password policy applies
    to):
    http://msdn.microsoft.com/en-us/library/ms680513(v=VS.85).aspx
     
    Regards,
    ----------------------------------------------------------
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
     
    "Richard Mueller" wrote in message
    news:62419930-86e3-4a29-8ed0-12e5c4433870...
     
    The userPassword attribute has maximum length 128 and format UTF-8.
     
    http://msdn.microsoft.com/en-us/library/ms680851(VS.85).aspx
     
     
     
    Richard Mueller - MVP Directory Services
     
     

    Saturday, July 09, 2011 5:15 PM
  • Up to Windows 2003 the maximum password length is 28 characters (see the Minimum Password Length paragraph in the link below).
    http://technet.microsoft.com/en-us/library/cc875814.aspx

    You cannot define a user to only use a certain length of characters; you would need to use a password filter such as Anixis' Password Policy Enforcer. We use this and it is affordable but it will cost you. So if it is a must for a max then you will have to purchase from a third party.
    http://www.anixis.com/products/ppe/password_policy_rules.htm
    http://www.anixis.com/doc/ppe60ag/ppe60ag.asp?Topic=Length_Rule

    --
    Paul Bergson
    MVP - Directory Services

    Saturday, July 09, 2011 10:54 PM
    Moderator
  • The 28 character limitation must be local accounts. I tested a domain account on Windows 2000 Pro client, domain functional level Windows 2000 (test domain) and the 127 character password worked.

     


    Richard Mueller - MVP Directory Services
    Saturday, July 09, 2011 11:03 PM
  • OK, just did some more research. I couldn't find any Microsoft article (but there has to be one) that states that the password attribute is 256 bytes in size. This equates to 256 ANSI characters or 128 2-byte Unicode characters. So for all practical purposes 128, but I have only read folks being able to use 127.

    http://exchangepedia.com/2007/01/what-is-the-real-maximum-password-length.html

    --
    Paul Bergson
    MVP - Directory Services


    Saturday, July 09, 2011 11:14 PM
    Moderator
  • You can't set maximum password using group policy or AD; you can use the 3rd-party tool below to set maximum password complexity, upper/lower case limit, etc. I too tried to find an MS article regarding maximum characters but didn't find any.

    nFront Password Filter Features

    http://nfrontsecurity.com/products/nfront-password-filter/features.php

     

    Regards


    MVP-Directory Services

    Awinish Vishwakarma

    Sunday, July 10, 2011 6:59 AM
    Moderator
  • Thank you all
    Friday, July 15, 2011 12:54 PM