Active Directory is the central authentication service in most organizations. By mirroring the organizational structure, Active Directory simplifies how administrators manage users, as well as how those users authenticate to the network. In most cases, user authentication requires passwords. While passwords are inherently weak, they are not going away anytime soon. The Active Directory password policy is vital to protecting the network from unauthorized access.
An Active Directory password policy is a set of rules that define what passwords are allowed in an organization, and how long they are valid. The policy is enforced for all users as part of the Default Domain Policy Group Policy object, or by applying a fine-grained password policy (FGPP) to security groups.
Fine-grained password policies can be configured from the Active Directory Administrative Center. They provide the same basic options as the password policy in the Default Domain Policy, including password length, age, and complexity requirements. Unfortunately, passwords that meet only these basic requirements are easy to crack, thanks to the popularity of password-guessing tools and rainbow tables. Additional password settings can be added using third-party password policy tools.
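The length, age, and complexity settings described above can also be read with the ActiveDirectory PowerShell module and compared against a baseline. The script below is an added example, not part of the original article; the `Test-PasswordPolicy` function name, the baseline thresholds, and the sample objects (including the `example.com` domain) are assumptions made for illustration.

```powershell
# Added example: compare the Default Domain Policy and every FGPP to a baseline.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Policy,
        [int] $MinLength  = 14,   # assumed baseline, adjust to your own standard
        [int] $MaxAgeDays = 365   # assumed baseline, adjust to your own standard
    )
    process {
        # FGPP objects carry a Name; the default domain policy object does not.
        $name = if ($Policy.Name) { "FGPP: $($Policy.Name)" } else { 'Default Domain Policy' }
        $findings = @()
        if ($Policy.MinPasswordLength -lt $MinLength) {
            $findings += "length $($Policy.MinPasswordLength) is below $MinLength"
        }
        if (-not $Policy.ComplexityEnabled) { $findings += 'complexity disabled' }
        if ($Policy.MaxPasswordAge -eq [timespan]::Zero) {
            $findings += 'passwords never expire'   # a zero max age means no expiry
        } elseif ($Policy.MaxPasswordAge.TotalDays -gt $MaxAgeDays) {
            $findings += "max age exceeds $MaxAgeDays days"
        }
        [pscustomobject]@{
            Policy     = $name
            Precedence = $Policy.Precedence   # FGPP only: lowest value wins
            AppliesTo  = @($Policy.AppliesTo) -join '; '
            Findings   = if ($findings) { $findings -join '; ' } else { 'meets baseline' }
        }
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $policies = @(Get-ADDefaultDomainPasswordPolicy) +
                @(Get-ADFineGrainedPasswordPolicy -Filter *)
} else {
    # Constructed sample objects shaped like the cmdlets' output, for offline runs.
    $policies = @(
        [pscustomobject]@{ MinPasswordLength = 7; ComplexityEnabled = $true
                           MaxPasswordAge = [timespan]::FromDays(42) },
        [pscustomobject]@{ Name = 'Admins-PSO'; Precedence = 10
                           AppliesTo = @('CN=Domain Admins,CN=Users,DC=example,DC=com')
                           MinPasswordLength = 16; ComplexityEnabled = $true
                           MaxPasswordAge = [timespan]::Zero }
    )
}
$policies | Test-PasswordPolicy | Format-Table -AutoSize -Wrap
```

Against a live domain, run it from an account that can read the Password Settings Container; `Get-ADUserResultantPasswordPolicy -Identity <user>` then shows which FGPP, if any, actually applies to a given account.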