To increase the security of AD, administrators implement password policies. A password policy specifies what passwords must look like: complexity, length, how often they must be changed, etc. The default password policy set in a GPO can be defined only once and applies to the whole domain.
Fine-Grained Password Policy (FGPP) has been available since Windows Server 2008 and allows us to create multiple separate password policies. We can configure different policies for externals, internals, production employees, office employees, etc. Each policy can have different password requirements.
What we should know before configuring FGPP:
- a policy can be assigned to users or to a security group
- FGPP takes priority, so when a user is covered by both the Default Domain Policy and an FGPP, the FGPP is applied to that user
- FGPP is available in Windows Server 2008 and newer
Now we can create a policy. To do that, we open Active Directory Administrative Center and go to the System container. Then we right-click Password Settings Container and choose New.
Next we need to specify parameters such as the name, the password complexity details, and the password change interval. An important parameter here is Precedence. It is used when we have more than one policy. When multiple policies exist, the one with the lowest value will be applied.
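The same steps can be scripted and then verified. The following is an added example, not part of the original post: it creates two policies with different Precedence values, assigns them to groups, and checks which one actually applies to a user. The group names, user name, policy names and all setting values are assumptions chosen for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights on the
# Password Settings Container. All names and values below are assumed placeholders.
Import-Module ActiveDirectory

$externalGroup = 'External-Contractors'   # hypothetical existing global security group
$officeGroup   = 'Office-Employees'       # hypothetical existing global security group
$testUser      = 'test.user'              # hypothetical account that is a member of both

# Settings shared by both policies (illustrative values, not a recommendation).
$common = @{
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    PasswordHistoryCount        = 24
    MinPasswordAge              = '1.00:00:00'   # d.hh:mm:ss
    LockoutThreshold            = 5
    LockoutObservationWindow    = '00:30:00'
    LockoutDuration             = '00:30:00'
}

# The policy with the lower Precedence value wins when a user is covered by both.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Externals' -Precedence 10 `
    -MinPasswordLength 14 -MaxPasswordAge '60.00:00:00' @common
New-ADFineGrainedPasswordPolicy -Name 'PSO-Office' -Precedence 20 `
    -MinPasswordLength 12 -MaxPasswordAge '90.00:00:00' @common

# Assign each policy to its group.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Externals' -Subjects $externalGroup
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Office'    -Subjects $officeGroup

# Audit: every policy in the domain, ordered by precedence, with its subjects.
Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence | ForEach-Object {
    [pscustomobject]@{
        Name       = $_.Name
        Precedence = $_.Precedence
        MinLength  = $_.MinPasswordLength
        AppliesTo  = (Get-ADFineGrainedPasswordPolicySubject -Identity $_ |
                        Select-Object -ExpandProperty Name) -join ', '
    }
} | Format-Table -AutoSize

# Verify the effective policy. The cmdlet returns nothing when no FGPP covers
# the user, which means the Default Domain Policy is in force for that account.
$effective = Get-ADUserResultantPasswordPolicy -Identity $testUser
if ($effective) {
    "{0}: {1} (precedence {2})" -f $testUser, $effective.Name, $effective.Precedence
} else {
    "{0}: no FGPP applies, Default Domain Policy is used" -f $testUser
}
```

With these assumed values the test user resolves to PSO-Externals. A policy linked directly to a user account takes priority over policies received through group membership, so Precedence only decides between policies linked at the same level.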