Forum Discussion
How to fully remove domain password policy from on-prem AD
Hi Claire_4,
To fully remove the domain password policy from on-prem Active Directory, you need to follow these steps:
- Open the Group Policy Management console on one of your domain controllers.
- Expand the forest and domain, then navigate to the "Default Domain Policy" or the GPO that previously contained the password policy settings.
- Right-click on the policy and select "Edit" to open the Group Policy Management Editor.
- In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
- Review the password policy settings and ensure they are set to "Not Defined" or the desired default values.
- Wait for the changes to replicate across your domain controllers.
You can also view the default password policy with Powershell using this command.
Get-ADDefaultDomainPasswordPolicy
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.
Kindest regards
Leon Pavesic
LeonPavesic Thank you for the reply. Yes that's exactly what we've done, all settings under Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy - are set to not defined. Replication across domain controllers is working. I've attached a screenshot showing the group policy at the top with the correct settings, and the local security and group policy for that particular DC showing the incorrect settings. We have ran a GPUpdate on the DC's and rebooted both of them but the settings still remain.