Block AD Password Policy Inheritance

By default, password policies for both AD Users and Non AD Users are governed by any existing AD password policies.

However, there may be business reasons why this is undesirable in certain scenarios. You can disable this inheritance (for Non AD Users only) using one of the methods described below.

Note: This will result in no password policy being enforced for Non AD Users, which means that even setting a blank password will be possible.

Using ADSI Edit

Using Microsoft’s ADSI Edit tool (AdsiEdit.msc):

  1. Connect to the DigitalPersona LDS instance.

  2. Expand the Configuration container and navigate to the CN=Directory Service node.

  3. Display its Properties dialog box and locate the msDS-Other-Settings attribute.

  4. Click Edit.

  5. In the Multi-valued String Editor dialog box, locate the ADAMDisablePasswordPolicies entry.

  6. Set its value to 0.

  7. In the String Editor, set the value of ADAMDisablePasswordPolicies to 1.

Using DSMGMT

You can also use the DSMGMT command line tool from an elevated Run command window or PowerShell:

Syntax

dsmgmt "Configurable Settings" Connections "connect to server localhost:389" q "Set ADAMDisablePasswordPolicies to 1" "Commit changes" q q
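
To confirm the current state before or after using either method, the following read-only PowerShell check reads msDS-Other-Settings and reports the ADAMDisablePasswordPolicies value. It is an added example, not part of the DigitalPersona documentation. It assumes the instance answers on localhost:389 (as in the dsmgmt command above) and that CN=Directory Service sits at its standard AD LDS location under CN=Windows NT,CN=Services in the configuration partition; the helper name Get-OtherSetting is hypothetical.

```powershell
# Added example: read-only audit of ADAMDisablePasswordPolicies on an AD LDS instance.
# Assumption: host and port match the dsmgmt command on this page (localhost:389).
param(
    [string]$Server = 'localhost:389'
)

# Hypothetical helper: msDS-Other-Settings holds "Name=Value" strings;
# return the value for one name, or $null if the entry is absent.
function Get-OtherSetting {
    param([string[]]$Values, [string]$Name)
    foreach ($entry in $Values) {
        $key, $val = $entry -split '=', 2
        if ($key.Trim() -ieq $Name) { return "$val".Trim() }
    }
    return $null
}

# Discover the configuration partition from RootDSE instead of hard-coding its GUID.
$rootDse  = [ADSI]"LDAP://$Server/RootDSE"
$configNC = [string]$rootDse.Properties['configurationNamingContext'].Value
if (-not $configNC) { throw "Could not read configurationNamingContext from $Server" }

# Assumption: standard AD LDS location of the Directory Service object.
$dn       = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$dsObject = [ADSI]"LDAP://$Server/$dn"
$settings = @($dsObject.Properties['msDS-Other-Settings'] | ForEach-Object { [string]$_ })

$value = Get-OtherSetting -Values $settings -Name 'ADAMDisablePasswordPolicies'

if ($null -eq $value) {
    Write-Warning "ADAMDisablePasswordPolicies not found in msDS-Other-Settings on $dn"
}
elseif ($value -eq '1') {
    # State described in the note above: no password policy for Non AD Users.
    Write-Warning "ADAMDisablePasswordPolicies=1: inheritance is blocked; blank passwords are possible for Non AD Users."
}
elseif ($value -eq '0') {
    Write-Output "ADAMDisablePasswordPolicies=0: password policies are inherited."
}
else {
    Write-Warning "ADAMDisablePasswordPolicies has unexpected value '$value'."
}
```

The script only reads the attribute, so it can be scheduled as a periodic configuration check without changing the instance.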