Knowledge Base

In this article we will review how to predict when users’ passwords will expire when affected by a Specops Password Policy, as well as troubleshoot if passwords are not expiring when expected. In general, it is good to be aware that any Active Directory native tools for password expiration will not be aware of Specops...

Specops Password Policy, Password Reset, and uReset/Specops Authentication all use leaf objects under user accounts for the purposes of storing user specific information — for Password Policy this includes password history and length-based password age information; for Password Reset and uReset/Specops Authentication the leaf object contains user enrollment data. The advantage of using a leaf...

Specops Breached Password Protection (formerly Blacklist) is used to prevent breached passwords from being used in your environment. Connectivity to the following URLs or IP addresses is required (note that firewall SSL inspection is not supported – SSL inspection exceptions to the following URLs or IP addresses will also need to be configured). Please see...

In Specops Password policy administrative tools or in Specops uReset/Password Reset you may find that the displayed password policy rules from Active Directory do not appear accurate. All Specops password products respect both the default and fine-grained password policies as configured in Active Directory and are displayed by reading the relevant configuration attributes directly from...

This article will review how Specops Password Policy affected/subscription licenses are consumed and assumes you are on the latest version of Password Policy. Both affected (perpetual) and subscription licenses use the same model to count licenses — the count is based on the number of enabled Active Directory user objects that have a Specops Password...

In this article we will review how administrators can audit rejected password changes and password resets when Specops Password Policy is deployed in the domain. The Specops Password Policy Sentinel logs a Windows event log entry each time a password change or password reset is rejected by the rules in the Specops Password Policy. The...

In this article we will review what to check if users are not receiving password expiration reminder emails from Specops Password Policy. Password Expiration is handled exclusively by the Password Policy Sentinel installed on the domain controller holding the PDC Emulator role. If you are unsure which domain controller currently holds the PDC Emulator role,...

This article will walk you through the steps we would check to verify a Specops Password Policy configuration. Checking Specops Password Policy Administration Tools We will start by checking the Password Policy Administration Tools to see if there are any errors. Now, let’s click on Password Policy Sentinels: This will do a check of all...

What is it? Length based aging is a system that rewards users for having longer and more secure passwords. How does it work? It works by adding additional days in which the password will expire based on how many characters are in the password. In this example below, the max password age is set to...

Specops Password Policy (and all 3rd party password filters in Active Directory) do not and cannot replace the built-in password policy in Active Directory. For all password changes/resets, Active Directory will check its own built-in policy and ensure the new password meets its requirements before even checking the Specops policy requirements. Active Directory also continues...