No announcement yet.

AD password audits

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD password audits

    I'm looking for tools to use to audit passwords in AD 2003. I will have DA access to the domain, so I can get any databases or files I need. This is to make sure users are setting fairly complex passwords. MS policy will allow simple complex passwords like "Passw0rd" which will fail pretty quickly against a rainbow.

    Does anyone have any good techniques for this? Especially interested in doing this with a script weekly and then generating emails to users who have weak passwords telling them to change.


  • #2
    Re: AD password audits

    have you tried the MSBA?

    it checks password complexity.

    the other option is to up the minimums on the password complexity via GPO, which would be my preference. this will prevent users from even using passwords like "1234567" and such...

    now, i dont know what will happen to users with weak passwords when you enable this setting... so maybe you want to audit them first, get them to change it to meet the requirements then enable the GPO. maybe someone else has an idea on that aspect of enforcing the GPO...

    pees out!
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...