Updating Password Policies When Migrating From 2003 to 2012 R2

An advantage of moving from Windows Server 2003 to Windows Server 2012 R2 is that it gives you the opportunity to implement different password policies. Password policies determine password complexity, password length, how often passwords must be change, how many passwords are remembered, and account lockout policies.

In early versions of Windows Server, you could only have one password policy per domain. If you wanted to have different password policies, you needed to have multiple domains. In more recent versions of Windows Server, such as Windows Server 2008, you could implement Fine Grained Password Policies. Fine Grained Password Policies allowed you to implement password policies on groups of users, but involved hacking about in ADSIEdit. It was a feature that worked a lot better on a PowerPoint slide in a TechEd presentation than it did in a real world environment.

With Windows Server 2012 R2, you can configure password policies in the Active Directory Administrative Center and apply them to users and groups. You do this by creating a Password Settings object and then applying them as necessary.

Password Policies allow you to configure stricter password policies for sensitive accounts, such as those used by administrators. For example you might require administrators to have 16 character passwords rather than the standard 8 character passwords.