Re: ADAM - Remove OS Password Policy Restriction

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Eric Fleischman [MSFT] (efleis_at_online.microsoft.com)
Date: 07/23/04 

Date: Fri, 23 Jul 2004 11:21:55 -0500

Lee is of course correct.
One other thing to remember is that unfortunately you can't have an
ADAM-specific password policy that is divergent from the Windows policy. So
it's an ON/OFF choice where ON enforces the Windows password policy and off
does not.

~Eric

"Lee Flight" <lef@le.ac.uk-nospam> wrote in message
news:OdB9wmKcEHA.996@TK2MSFTNGP12.phx.gbl...
> You can disable enforcement of password policy in ADAM:
>
> setting ADAMDisablePasswordPolicies,
> a value in the attribute msDS-Other-Settings on
> CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN=<GUID>,
> to 1.
>
> That's covered in the ADAM Technical reference at
>
> http://www.microsoft.com/downloads/details.aspx?familyid=96c660f7-d932-4f59-852c-2844b343f3e0&displaylang=en
>
> You can also use DSMGMT from the ADAM Command Tools Prompt to set the
> value
> in the Configurable Settings menu, unfortunately there's a bug in the
> current version of the
> tool that prevents you resetting the value to the default (0), so would be
> best to just use
> ADSIedit or ldp to modify the value.
>
> Lee Flight
>
>
> "Karl McGuinness" <karl@stentor.removethis.com> wrote in message
> news:O9adnSjHqJTPep3cRVn-hA@speakeasy.net...
>>I am working on implementing ADAM for a user store for our web application
>> but I can't have the OS manage the password policy. Is there anyway to
>> disable the OS from enforcing password policy on ADAM only users? This
>> is
>> very critical for our application as the OS password policy cannot
>> restrict
>> the passwords for application users. Ideally I would like to set a
>> policy
>> for ADAM using attributes similar to AD in the instance.
>>
>> 1> minPwdLength: 0;
>> 1> pwdHistoryLength: 1;
>>
>> Any help would be appreciated. This is a show stopper.
>>
>> Thanks,
>> Karl
>>
>>
>
>

Relevant Pages

  • Re: ADAM pwd policies
    ... ADAM on a W2K3 server in a domain will follow the resultant ... password policy on the server. ... you might tune at say, the level of the OU containing the server account. ...
    (microsoft.public.windows.server.active_directory)
  • Re: badPwdCount not Incremented with Membership Provider using ADAM
    ... it is also not true that you are stuck with your domain password policy in ADAM. ... Ideally, ADAM would support password policy completely internal to ADAM, but it currently does not and is wrapped up in the local OS policy enforcement. ... how do I implement them using the membership provider? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cant get password right in ADAM
    ... password policy on the server whereas ADAM on WinXP is not subject ... on W2K3 then the account is set to disabled if no valid password ... "Lee Flight" wrote: ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM - Remove OS Password Policy Restriction
    ... You can disable enforcement of password policy in ADAM: ... setting ADAMDisablePasswordPolicies, ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM and Password Policies
    ... If there is no password policy applied, then lockout, expiration, history, ... Joe Kaplan-MS MVP Directory Services Programming ... the password policies for ADAM turned off. ...
    (microsoft.public.windows.server.active_directory)