Chapter 10. Fine-grained password policies
Now that you’ve learned how to administer your environment using Group Policies, it’s time to look at customizing the password settings in your domain. You’ll perform this task using fine-grained password policies, which are also known as Password Settings Objects (PSOs). The two terms are used interchangeably in this chapter. They enable you to have multiple password policies in the domain, which means your organization saves the cost of having multiple domains. PSOs make security more granular and enable you to apply stricter password requirements to sensitive groups such as your administrators.
The chapter starts with an overview of the concepts surrounding PSOs. After this short theory section, we’ll get back to the practical nature of administering Active Directory by showing you how to create, apply, and test fine-grained password policies.
Once the policies have been created, you need to be able to apply them to your users and groups. There are times when you need to determine the password policy that applies to a particular user. This technique is covered in the last section of the chapter. A number of practical exercises are supplied throughout the chapter, culminating in a lab section to close the chapter.
Before you can learn to manage these objects, you need to understand what they are and what they can do for your environment.