Password Complexity w/ Minimum password length

Discussion in 'Active Directory' started by Rob, Jul 30, 2008.

  1. Rob

    Rob Guest


    Currently, our password policy is:

    Enforce Password history = 5
    max password age = 90
    min password age = 0
    Minimum password length = 5
    password complexity - disabled

    We are wanting to change it to:

    Enforce Password history = 5
    max password age = 90
    min password age = 0
    Minimum password length = 6
    password complexity - ENABLED

    with the lenght and the complexity changing, when it does change, will the
    users be required to change immediately or when your "90" days has expired?

    So if a user is at 88, I change it today, in 2 days they will be prompted to
    change their password?

    Rob, Jul 30, 2008
    1. Advertisements

  2. Rob

    Pepijn Guest

    not immediately but after the 90 days
    Pepijn, Jul 30, 2008
    1. Advertisements

  3. Rob

    Marcin Guest

    that's correct - the new requirements will be enforced when a new password
    is assigned - either due to expiration of an existing one - or earlier - if
    a user decides to initiate the change...

    Marcin, Jul 30, 2008
  4. Hello Rob,

    For your 2 day example you are right, if the user decides to change it earlier,
    the new policy will also apply earlier. Or after the 90 days, if it is changed
    before you set the new one.

    Best regards

    Meinolf Weber
    Meinolf Weber, Jul 30, 2008
  5. Rob,
    Be aware also that with a min password age of 0, the user just needs to make
    5 rapid changes to get back to the beginning. With a password age of 1 the
    user can't do that. You can debate whether it is necessary to force a
    password change, but if you do then you probably want to set the min age,
    Anthony [MVP], Jul 30, 2008
  6. Rob

    Jorge Silva Guest

    Hi Rob,
    -The new settings are only required after the next change prompted to the
    users or if they try to change it before expiration time.

    -Note that non-expiring passwords will not be prompted to change their
    actual password, but if they try to change the PW, the new policy will be in
    effect for the new password.

    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
    Jorge Silva, Jul 30, 2008
  7. Jorge de Almeida Pinto [MVP - DS], Aug 18, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.