Changing Password Complexity Requirements in Windows Server 2012 Domains


When configuring your Active Directory Domain, you may decide you want a different set of complexity requirements than the defaults provided in Windows Server 2012 Domain Services. In this article, I will explain how to change the default complexity requirements for all users.

1. Log into an Active Directory Domain Controller using Domain Administrator Credentials

2. Click on Start and in the Start Search, Type GPMC.msc and press Enter

3. In the Group Policy Management Console, Expand the Forest, Domains, and YourDomain.local trees


4. Right Click on Default Domain Policy and choose Edit

5. In the Group Policy Editor Window, Navigate to Computer Configuration > Windows Settings > Security Settings > Account Policies and select Password Policy


6. In the right pane, choose the option to wish to change. If you do not define a policy, it will not be applied. For example, If you change Enforce Password History from 24 to Not Defined, there will be no history requirements applied.


7. After making your desired changes, close the editor (no saving required).

8. Click on Start and in the Start Search, type CMD. Right Click Command Prompt and choose Run as Administrator

9. In the Command Prompt Window, type GPUpdate /force and press Enter.


The new password policy will now be applied.

 Note: It is also possible to apply multiple password policies to different user groups by creating multiple Organizational Units and Policies.

Leave a Reply

Your email address will not be published. Required fields are marked *