Implement granular password policies for users in the same AD domain

When sensitive information needs to be protected, complying with stringent password policies becomes essential. The default AD domain password policy lacks the flexibility to enforce different rules for different users and does not provide sufficient complexity options to ensure strong passwords.

Imagine the convenience of being able to apply tailored password policies based on user roles, such as IT administrators, finance staff, managers, or non-IT employees. This would enhance security while meeting the specific needs of various user groups.

ADSelfService Plus' Password Policy Enforcer effectively combats this issue by allowing you to enforce a granular password policy for specific OUs and groups within a domain.

ADSelfService Plus offers a wide range of complexity rules, such as dictionary and pattern rules, ensuring that password security is strong and not compromised.

Steps to configure a granular password policy

1. Log in to ADSelfService Plus as an administrator.
2. Navigate to Configuration > Self-Service > Password Policy Enforcer.
3. Select the policy to which you want to apply the password policy rules.
4. Enable Enforce Custom Password Policy.
5. Define the complexity requirements for new passwords by checking the necessary boxes in the Restrict Characters, Restrict Repetition, Restrict Pattern, and Restrict Length sections.
6. You can also configure the following settings for your custom password policy.
   1. Override all complexity rules if password length is at least ___: Enable this option to bypass all complexity rules if the password meets or exceeds the specified length.
   2. Password must satisfy at least ___ of the above complexity requirements: Ensure the password complies with a minimum number of the specified complexity rules.
   3. Show this policy requirement in Reset and Change Password pages: Display the rules of your custom password policy on the password reset and change password pages, replacing the default domain password policy.
   4. Enforce this policy in GINA/CP (Ctrl+Alt+Del) screen and ADUC Password resets through Password Sync Agent: Apply the custom password policy configured in ADSelfService Plus during password reset operation via the ADUC interface and during password change on the Ctrl+Alt+Del screen.
7. Click Save to finish the configuration.

What’s more? By enabling ADSelfService Plus' password synchronizer feature, you can have a universal password policy governing both your on-premises AD and cloud-based apps, including Microsoft 365, G Suite, and Salesforce.