An AD domain contains a password policy that is applied to all users. However, in some cases, it is necessary to apply a different policy to one or more users.
Since Windows Server 2008 Microsoft has made available the refined password functionality. Windows Server 2012 improves functionality by providing a graphical interface. This makes it easier to configure these AD objects (PSO – Password Security Object). In Windows Sever 2012 or Windows Server 2012 R2, access the Active Directory Administration Center console.
Accédez à la racine du domaine puis sélectionnez le conteneur system.
Go to the Password Security Container folders and in the action banner, click on New and Password Setting.
A window appears, which allows you to configure the various parameters.
Enter the name of the desired PSO and the precedence (priority). A precedence of 1 makes the PSO a priority over another having a higher precedence. Configure the password and lock settings as desired.
To know the resulting password strategy, select the user and then in the action banner click on view resultant password settings.