How to Configure Fine-Grained Password Policy in Windows Server 2012 Using ADAC

What is fine-grained password policy? And how can I configure fine-grained password policy with the Active Directory Administrative Center (ADAC)?

Fine-grained password policy was introduced in Windows Server 2008 to overcome the limitation of only one password policy for a domain. Fine-grained password policies do exactly what they say on the tin, allowing system administrators to apply different password policies to groups of users in an Active Directory domain.

Configuring Fine-Grained Password Policy with the ADAC

Prior to Windows Server 2012, it was only possible to configure fine-grained password policies from the command line. Fortunately, a graphical user interface for fine-grained password policy is included in Windows Server 2012’s Active Directory Administrative Center (ADAC).

Before you can use fine-grained password policy, make sure that your domain is set at the Windows Server 2008 domain functional level or higher. For more information on setting domain and forest functional levels, see “Raising Windows Server 2008 Active Directory Domain and Forest Functional Levels” on the Petri IT Knowledgebase.

  • Log in to a Windows Server 2012 domain controller as a domain administrator.
  • If it’s not already open, start Server Manager using the icon on the desktop taskbar or from the Start screen.
  • In Server Manager, select Active Directory Administrative Center from the Tools menu.
  • In the left pane of ADAC, click ad (local).
  • In the central pane, double-click the System container.
  • Now right-click Password Settings Container and select New > Password Settings from the menu.
  • Enter a name for the policy in the Create Password Settings dialog.
  • Enter a number for the Precedence box. Policies with lower precedence index numbers take priority over those with higher numbers.
  • Now configure the remainder of the password policy settings as required.
  • When you’re done, click Add in the bottom right corner.
  • In the Select Users or Groups dialog, type the name of the group you want to apply the new policy to and click OK.
  • Now click OK in the Create Password Settings dialog.

If you double-click the Password Settings Container in ADAC, you’ll now see the new policy along with its precedence index.
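
The same procedure can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original article: the policy name, group name, test user, and every setting value are hypothetical placeholders to adapt to your own domain.

```powershell
# Added example: scripted equivalent of the ADAC steps above.
# Run as a domain administrator on a machine with the ActiveDirectory module.
Import-Module ActiveDirectory

$policyName = 'PSO-PrivilegedAdmins'   # hypothetical policy name
$groupName  = 'Privileged-Admins'      # hypothetical global security group
$testUser   = 'jdoe'                   # hypothetical member of that group

# Prerequisite from the article: Windows Server 2008 domain functional level or higher.
$mode = "$((Get-ADDomain).DomainMode)"
if ($mode -in 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain') {
    throw "Domain functional level '$mode' does not support fine-grained password policies."
}

# Settings for the new Password Settings object (illustrative values only).
$pso = @{
    Name                            = $policyName
    Precedence                      = 10      # lower number wins when several policies apply
    MinPasswordLength               = 15
    ComplexityEnabled               = $true
    ReversibleEncryptionEnabled     = $false
    PasswordHistoryCount            = 24
    MinPasswordAge                  = New-TimeSpan -Days 1
    MaxPasswordAge                  = New-TimeSpan -Days 60
    LockoutThreshold                = 5
    LockoutObservationWindow        = New-TimeSpan -Minutes 30
    LockoutDuration                 = New-TimeSpan -Minutes 30
    ProtectedFromAccidentalDeletion = $true
}

# Create the policy and link it to the group only if it does not exist yet,
# so the script can be re-run safely.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'")) {
    New-ADFineGrainedPasswordPolicy @pso
    Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $groupName
}

# Equivalent of opening the Password Settings Container: list policies by precedence.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Select-Object Name, Precedence, MinPasswordLength, AppliesTo

# Confirm which policy actually wins for a given user.
# No output means no fine-grained policy applies and the default domain policy is in effect.
Get-ADUserResultantPasswordPolicy -Identity $testUser
```

The last command is the check ADAC's container view does not give you directly: it resolves precedence for one account, which matters when a user belongs to several groups with different policies.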

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.