Airlock IAM reads the following attributes from the AD and processes them in order to apply the password policy. The attribute names are as specified in an msDS-PasswordSettings object. The names in parentheses "( )" are the equivalent attributes used on the default domain policy (see below for an explanation of the default domain policy).
Attribute | Description |
---|---|
msDS-MinimumPasswordAge (minPwdAge) | The minimum amount of time that must pass before a password can be changed again. |
msDS-MaximumPasswordAge (maxPwdAge) | The maximum amount of time a password is valid before a change is enforced. |
msDS-MinimumPasswordLength (minPwdLength) | The minimum number of characters a new password must have. |
msDS-PasswordComplexityEnabled (pwdProperties) | If enabled, a password must meet three out of the following four requirements: |
msDS-PasswordSettingsPrecedence | Resolves ties (order) if multiple policies match for a user (lower values mean higher priority). |
msDS-PSOAppliesTo | Distinguished name (DN) specifying to whom the policy applies, e.g. a group of users. |
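
The following sketch is an added example, not Airlock IAM code: it shows how the attributes in the table can be turned into one effective policy, including the precedence rule and the differences between a msDS-PasswordSettings object and the default domain policy (ages stored as negative 100-nanosecond intervals, complexity stored as a bit in `pwdProperties`). The function names, sample DNs and sample values are constructed, and the fallback to the default domain policy when no policy object matches is an assumption.

```python
from datetime import timedelta

INT64_MIN = -(2 ** 63)         # AD sentinel meaning "never" in interval attributes
DOMAIN_PASSWORD_COMPLEX = 0x1  # complexity flag inside the pwdProperties bit field

def interval_to_timedelta(raw):
    """AD stores ages as negative counts of 100-nanosecond intervals."""
    value = int(raw)
    return None if value == INT64_MIN else timedelta(microseconds=abs(value) // 10)

def normalize(entry):
    """Bring a PSO or the default domain policy into one common shape."""
    if "msDS-PasswordSettingsPrecedence" in entry:  # msDS-PasswordSettings object
        names = ("msDS-MinimumPasswordAge", "msDS-MaximumPasswordAge",
                 "msDS-MinimumPasswordLength")
        complexity = entry["msDS-PasswordComplexityEnabled"].upper() == "TRUE"
    else:                                           # default domain policy
        names = ("minPwdAge", "maxPwdAge", "minPwdLength")
        complexity = bool(int(entry["pwdProperties"]) & DOMAIN_PASSWORD_COMPLEX)
    min_age, max_age, min_length = (entry[n] for n in names)
    return {"min_age": interval_to_timedelta(min_age),
            "max_age": interval_to_timedelta(max_age),
            "min_length": int(min_length), "complexity": complexity}

def effective_policy(user_dn, group_dns, psos, domain_policy):
    """Lowest msDS-PasswordSettingsPrecedence among matching PSOs wins."""
    principals = {dn.lower() for dn in (user_dn, *group_dns)}
    matching = [p for p in psos
                if principals & {dn.lower() for dn in p["msDS-PSOAppliesTo"]}]
    if not matching:  # assumption: no PSO applies -> default domain policy
        return normalize(domain_policy)
    return normalize(min(matching,
                         key=lambda p: int(p["msDS-PasswordSettingsPrecedence"])))

# Constructed sample data; LDAP returns attribute values as strings.
DOMAIN_POLICY = {"minPwdAge": "-864000000000", "maxPwdAge": "-36288000000000",
                 "minPwdLength": "7", "pwdProperties": "1"}
ADMINS, STAFF = "CN=Admins,DC=example,DC=com", "CN=Staff,DC=example,DC=com"
PSOS = [
    {"msDS-PasswordSettingsPrecedence": "20", "msDS-PSOAppliesTo": [STAFF],
     "msDS-MinimumPasswordAge": "-864000000000",
     "msDS-MaximumPasswordAge": "-9223372036854775808",
     "msDS-MinimumPasswordLength": "10", "msDS-PasswordComplexityEnabled": "FALSE"},
    {"msDS-PasswordSettingsPrecedence": "10", "msDS-PSOAppliesTo": [ADMINS],
     "msDS-MinimumPasswordAge": "-864000000000",
     "msDS-MaximumPasswordAge": "-25920000000000",
     "msDS-MinimumPasswordLength": "15", "msDS-PasswordComplexityEnabled": "TRUE"},
]
```

A user who is a member of both sample groups receives the policy with precedence 10, because the lower value has the higher priority.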