Q. Does Active Directory Lightweight Directory Services (AD LDS) implement password policies that are configured at the domain level?

A. You can assign password policies at the domain level with specific password complexity requirements, password history, and other account-type configurations. AD LDS will implement the password policy for the machine it's running on. This means that the password policy applied for the domain that the AD LDS server resides on will apply to the AD LDS accounts.

You can apply password policies at the OU level that are ignored for domain accounts, but these OU-level password policies are applied for local accounts, which AD LDS counts as. So if you set OU-level password policies, they'll be applied for AD LDS accounts.

Note that AD LDS doesn't implement Fine Grained Password Policies.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.