I’ve been tasked with prohibiting certain passwords in AD, Like a blacklist of passwords such as Password1234 etc.
I had looked online but the explanations are too complex and I need a more layman’s understanding initially so I can see if I need to research or go 3rd party
From what I understand so far I need to create a group policy – default domain policy. then have a program compiled only using C with the banned passwords that runs as a thread of the LSA :???: from what I can see this is the only path.
Is this a complex operation ? Is it worth taking the risk doing this? What could be typical negative outcomes ? e.g. blue screening the DC.
Are 3rd party solutions preferable or Is that a waste of money for something that can implement myself ?
Id appreciate any info, big picture overview so I can consider an approach
I can rustle up a Powershell script but C if that is the only option is beyond me presently