Microsoft Active Directory always comes with a default domain password that defines the password requirements like length, age, characters, and many more. This password policy is configured and linked to the root of the domain and affects every user on the domain. This guide is going to show you how you can change that default value to the value you want. You may want to know How to Block downloads on Microsoft Edge using GPO on Windows Server . This is How to allow RDP access for non-administrators on a Domain Controller. This guide discusses how To Configure a Domain Password Policy.
Here is a YouTube video showing the following steps on how to configure a Domain Password Policy as well.
Configure a Domain Password Policy
Now to get to the password policy section do the following:
1. Open the group policy management console by starting a Command Prompt or Run, and then type: gpmc.msc
2. Expand Domains, your domain, and the group policy objects
3. Now right-click the default domain policy and click edit
4. Now navigate to Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policy
This will show you the current default password policy.
5. You can also use this command
Get-ADDefaultDomainPasswordPolicy on Powershell to view the default settings.
6. To edit you will need to double-click on each setting. Let us double-click on the Minimum password length and adjust it from the default of 7 to 10. Click OK to apply.
You can change any of the default settings and apply it.
Note: it is not recommended to create a new GPO and link to an organization unit and if you want to apply a different password policy to domain users the best practice is to use a fine-grained password policy.
I hope you found this blog post on How To Configure a Domain Password Policy interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.