Implementing Multiple Password Policies per Domain
Another Windows Server 2008 addition to AD DS is the ability to implement granular password policies across a single domain. Previously, this was only an option with third-party password-change utilities installed on the DCs in a forest. With Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012, administrators can define which users have more complex password policies and which will be able to use more lenient policies.
You need to understand a few key points about this technology before implementing it, as follows:
• Domain mode must be set to Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 level.
• Fine-grained password policies always win over a domain password ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
