Password Policies in Active Directory

We can have only one password policy, and it has to be linked to the domain in Active Directory. To apply one or more specific password policies to certain users or groups in Active Directory, we have to set up a Fine-Grained Password Policy or use third-party password solution software such as nFront Password Filter.

Methods of Creating a Fine-Grained Password Policy

1) From Server Manager, click Tools and navigate to Active Directory Administrative Center.
2) Create a policy. Follow these steps to create a new policy:
   i) In Active Directory Administrative Center, click the domain, navigate to the System directory and click it.
   ii) In the System directory, navigate to the Password Settings Container and click it.
   iii) To create a new password policy, click the New button in the right-side menu.
   iv) The following screen may appear.

Now we can configure the password policy as per our requirements and apply it to specific users or groups.

Testing the Fine-Grained Password Policy

Now we have two password policies in our Active Directory:

• The password policy defined in the Default Domain Policy (Local Security Policy of the domain controller).
• The password policy created by the Fine-Grained Password Policy.

The snapshot below shows the password policy settings of the Default Domain Policy and of the Local Security Policy of the domain controller. From the snapshot we can confirm that the password policy settings in the Default Domain Policy are not defined. However, from the Local Security Policy we can confirm that password policy settings have been defined, and these are the default domain password policy settings in Active Directory.

• Resetting the password for a user who falls under the scope of both the Default Domain Policy and the Fine-Grained Password Policy.

The snapshot below shows the administrator trying to reset the password of a domain user who is a member of the PSO group, using a password that fulfils the prerequisites set by the Default Domain Policy.
Even though the password met the prerequisites set in the Default Domain Policy, the password reset failed for that user, since that user belongs to the PSO group. For the PSO group we have applied a separate password policy using a Fine-Grained Password Policy.

The snapshot below shows the administrator trying to reset the password for the user with a password that fulfils the prerequisites set in the Fine-Grained Password Policy. The password reset for that user succeeded after meeting the prerequisites set in the Fine-Grained Password Policy, since that user falls under the scope of the Fine-Grained Password Policy.

• Resetting the password for users who fall under the scope of the Default Domain Policy.

The snapshot below shows the administrator trying to reset the password for a user who falls under the scope of the Default Domain Policy only, using a password that fulfils the prerequisites of the Default Domain Policy. Since this user falls under the scope of the Default Domain Policy only, no Fine-Grained Password Policy is applied to this user.

Conclusion:

• For a user who falls under the scope of both the Default Domain Policy and a Fine-Grained Password Policy, the password policy set in the Fine-Grained Password Policy is applied to the user.
• For a user who falls under the scope of multiple Fine-Grained Password Policies, the policy having the lower precedence value is applied.
• For a user who falls under the scope of only the Default Domain Policy, the password policy set in the Default Domain Policy is applied.
• For the password policy, the password settings in the Default Domain Policy and the password settings in the Local Security Policy of the domain controller are integrated. (Whatever changes we make to the password policy in the Default Domain Policy are reflected in the password policy of the Local Security Policy, and vice versa.)
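
The same policy creation and scope check can be done from PowerShell instead of the Administrative Center. This is an added example, not part of the original page; the PSO name, group name, account names and policy values are hypothetical sample values, and it assumes the ActiveDirectory module and rights to create password settings objects.

```powershell
# Added example: create a PSO, link it to a group, then report which policy
# actually applies to each account. All names and values below are hypothetical.
Import-Module ActiveDirectory

$psoName  = 'PSO-Strict'      # hypothetical PSO name
$psoGroup = 'PSO-Users'       # hypothetical global security group
$accounts = 'alice', 'bob'    # hypothetical: alice is in the group, bob is not

# Create the PSO in the Password Settings Container if it does not exist yet.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -MinPasswordLength 14 -ComplexityEnabled $true -PasswordHistoryCount 24 `
        -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
        -LockoutThreshold 5 -LockoutObservationWindow '0.00:15:00' `
        -LockoutDuration '0.00:15:00' -ReversibleEncryptionEnabled $false `
        -ProtectedFromAccidentalDeletion $true
}

# Link the PSO to the group (PSOs apply to users and global security groups).
$linked = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName
if ($linked.SamAccountName -notcontains $psoGroup) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $psoGroup
}

# Report the effective policy per account. Get-ADUserResultantPasswordPolicy
# returns nothing when no PSO applies, so the domain policy is in effect.
$default = Get-ADDefaultDomainPasswordPolicy
foreach ($sam in $accounts) {
    $rsop = Get-ADUserResultantPasswordPolicy -Identity $sam
    if ($rsop) {
        $source = "PSO '$($rsop.Name)' (precedence $($rsop.Precedence))"
        $policy = $rsop
    } else {
        $source = 'Default Domain Policy'
        $policy = $default
    }
    [pscustomobject]@{
        User       = $sam
        Source     = $source
        MinLength  = $policy.MinPasswordLength
        Complexity = $policy.ComplexityEnabled
        History    = $policy.PasswordHistoryCount
    }
}
```

Running the report before a password reset shows in advance which set of prerequisites the new password has to meet for each account.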