Greetings all,
We have an active directory domain which enforces a strict password policy. Hooray!
Now, for the project we are working on, we are going to be storing users of our website in Microsoft's AD-LDS service as well as using that for authentication of our web users.
By default, it is my understanding that AD-LDS inherits its password policy from the domain of the machine it's installed on. Is there any way to break that link such that we can define a lighter password policy (or none if we so choose) for users in AD-LDS without affecting our domain?
Note: AD-LDS is going to be hosted on a machine which is part of the domain.
Thanks in advance.
Best Answer
I bumped into this (old) question while looking for something else, but I will add an answer for anyone that ends up here actually looking for an answer...
An option you can use (assuming you have at least a 2008 level AD domain) is to apply a password policy with your required "lighter" settings specifically against the server(s) you have hosting ADLDS. While 2003 and below had only domain-wide password policy settings, 2008 and up can support fine-grained password policies configured against certain areas of the domain.