Forum Discussion
How to fully remove domain password policy from on-prem AD
Hi, We have recently changed our AD password mastering to a 3rd part IDP, the passwords are changed on their system and are pushed to the users profile in AD, all of this is working fine. Users log...
Hi Claire_4,
To fully remove the domain password policy from on-prem Active Directory, you need to follow these steps:
- Open the Group Policy Management console on one of your domain controllers.
- Expand the forest and domain, then navigate to the "Default Domain Policy" or the GPO that previously contained the password policy settings.
- Right-click on the policy and select "Edit" to open the Group Policy Management Editor.
- In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
- Review the password policy settings and ensure they are set to "Not Defined" or the desired default values.
- Wait for the changes to replicate across your domain controllers.
You can also view the default password policy with Powershell using this command.
Get-ADDefaultDomainPasswordPolicy
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.
Kindest regards
Leon Pavesic