Friday, January 22, 2016

Remove Password Change Requirement in AD

For test AD environment, it is often convenient to disable the default password requirements such as minimum length, expiration days, etc. Here's a quick cheat sheet on how to do it.


  1. Remote in to Domain Controller
  2. Run "Group Policy Management"
    1. Expand Forest, Domains and your AD domain
    2. Right-click the "Default Domain Policy" and select "Edit"
    3. Group Policy Management Editor appears.
      1. Expand Computer Configuration
      2. Expand Policies
      3. Expand Windows Settings
      4. Expand Security Settings
      5. Expand Account Policies
      6. Select Password Policy
        1. Enable policies with 0 values as needed in the right pane.
      7. Select Account Lockout Policy
        1. Make changes as needed.
  3. On Windows 2012 or later
    1. Use Powershell command "Invoke-GPUpdate"
  4. On Windows 2008 or earlier
    1. Use command "gpupdate /force"

Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)