|Configuring Active Directory Authentication / About Active Directory Authentication|
A secure enterprise network requires all users to use strong passwords, which have at least eight characters and include a combination of letters, numbers, and symbols.
Strong passwords that are changed regularly help prevent attackers from guessing passwords and compromising users accounts.
Windows Server 2008 Active Directory domains support fine-grained password policies, which let you define different password and account lockout policies for different groups of users in a domain. In Windows Server 2003 Active Directory domains, only one password policy and account lockout policy can be applied to all users in the domain.
Once Active Directory authentication is enabled, the Active Directory password policy takes effect for all users logging into the Administration Console, User Console, and Staff Assignment applications.
There are several password policy settings that control the complexity and lifetime of Windows domain passwords:
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Passwords must meet complexity requirements
Store password using reversible encryption
For more information about Windows domain passwords, see the following Microsoft TechNet article: Passwords Technical Overview.