Q. How can I enable complex passwords on my Windows Server 2003 Active Directory (AD) domain?

A. On a new Windows 2003 domain, complex password creation is enabled by default; however, to configure complex passwords for an upgraded domain or to simply modify the password settings, perform these steps:

  1. Open the Group Policy Object (GPO) that's linked at the domain level. For example, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, right-click the domain, select Properties, select the Group Policy tab, select the GPO, then click Edit. Doing so opens Group Policy Editor (GPE). Remember that password policies are part of the Account Settings group and take effect only when you set them at domain level; they won't be implemented if you set them at site or organizational unit (OU) levels.
  2. Select Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy.
  3. Double-click the relevant settings and set them to the values you want (e.g., "Password must meet complexity requirements," "Minimum password length," "Maximum password age"). The figure shows the default settings for a new Windows 2003 domain, which are a good baseline.
  4. Close GPE.
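
To confirm that the policy set in the steps above actually took effect, you can export the effective security settings on a domain controller with `secedit /export /cfg policy.inf` and check the `[System Access]` section. The following is an added example, not part of the original answer: the sample export is constructed, the function name `audit_password_policy` is hypothetical, and the baseline thresholds are assumed values that you should replace with your own policy.

```python
import configparser

# Constructed sample of a `secedit /export /cfg policy.inf` export.
# Real exports are usually UTF-16: read them with encoding="utf-16".
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
"""

# Assumed baseline (not taken from the page): setting -> (check, requirement).
BASELINE = {
    "PasswordComplexity": (lambda v: v == 1, "1 (enabled)"),
    "MinimumPasswordLength": (lambda v: v >= 7, "at least 7"),
    "MaximumPasswordAge": (lambda v: 1 <= v <= 42, "1 to 42 days (-1 = never)"),
    "MinimumPasswordAge": (lambda v: v >= 1, "at least 1 day"),
    "PasswordHistorySize": (lambda v: v >= 24, "at least 24"),
    "ClearTextPassword": (lambda v: v == 0, "0 (reversible encryption off)"),
}

def audit_password_policy(inf_text):
    """Return {setting: problem} for every setting that misses the baseline."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep the key case that secedit writes
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return {"System Access": "section missing from export"}
    section = parser["System Access"]
    findings = {}
    for name, (ok, requirement) in BASELINE.items():
        raw = section.get(name)
        if raw is None:
            findings[name] = "not present in export"
        elif not raw.strip().lstrip("-").isdigit():
            findings[name] = f"non-numeric value {raw!r}"
        elif not ok(int(raw)):
            findings[name] = f"is {raw.strip()}, expected {requirement}"
    return findings

if __name__ == "__main__":
    for setting, problem in audit_password_policy(SAMPLE_INF).items():
        print(f"FAIL {setting}: {problem}")
```

A domain where the settings were never configured produces findings like those in the constructed sample; an empty result means every checked setting meets the assumed baseline.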