Apr 19

Configuring Fine-Grained Password Policies in Active Directory in Windows Server 2012

Those who are new to Active Directory commonly ask how to set a different password policy for a group of users in a domain. It is really simple in Active Directory 2012 using fine-grained password policies, but there are a few facts to keep in mind before starting.

* A domain can have only a single password policy, and it is managed by the “Default Domain Policy”.

* If a separate password policy is required, you should use a Fine-Grained Password Policy (FGPP), which is discussed in this article. It has a limitation: it can only be applied to USERS or GROUPS, and cannot be applied to OUs (Organizational Units) etc.


Group Policy Management


Let’s look at how to configure an FGPP for the Administrator user, who needs a different password policy than normal users, in Windows Server 2012 Active Directory.

1) In the “Server Management” window, open “Active Directory Administrative Center” from the Tools menu.


Active Directory Administrative Center

















2) Click on “Tree View” in the top left corner. Then expand your domain; here my domain is “Surathilina”.

Further expand “System” and click on “Password Settings Container”. I have already created two policies, but by default this container should be empty.


Password Setting Container

3) Let’s create a new FGPP (Fine-Grained Password Policy) for the “Administrator” user.

Expand “Password Settings Container” on the right-hand side of the window, as in the screenshot below, and create a new one (“New” –> “Password Settings”).


Password Settings











4) In the “Create Password Settings” window, fill in the values as required.

Then choose a USER or GROUP under “Directly Applies To”. Here I select the Administrator user, to which I need to apply a separate policy. This policy can be applied to a group of users as well.


Create Password Settings



5) We can verify whether the new password settings are applied to the user. To do that, click on the “Users” container, then right-click the “Administrator” user –> “View resultant password settings…”. It will open with the password settings that were created a moment ago.
The passwords of other users are governed by the “Default Domain Policy”, which can be verified by following the same steps.


View resultant password settings
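
Steps 1 to 5 can also be scripted with the ActiveDirectory PowerShell module, which makes the policy repeatable and easy to audit. This is an added example, not part of the original post; the policy name `Admin-FGPP`, the precedence and every setting value are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run on a domain controller or a
# host with RSAT, as a member of Domain Admins. All values are illustrative.
Import-Module ActiveDirectory

$policyName = 'Admin-FGPP'      # hypothetical policy name
$subject    = 'Administrator'   # the user chosen in step 4

# Steps 3-4: create the Password Settings object in the Password Settings
# Container, unless a policy with this name already exists.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'")) {
    New-ADFineGrainedPasswordPolicy -Name $policyName `
        -Precedence 10 `
        -MinPasswordLength 14 `
        -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -PasswordHistoryCount 24 `
        -MinPasswordAge '1.00:00:00' `
        -MaxPasswordAge '60.00:00:00' `
        -LockoutThreshold 5 `
        -LockoutObservationWindow '00:30:00' `
        -LockoutDuration '00:30:00' `
        -ProtectedFromAccidentalDeletion $true
}

# Step 4 ("Directly Applies To"): link the policy to the user, skipping the
# call if the subject is already linked. Only users and groups are accepted.
$applied = Get-ADFineGrainedPasswordPolicySubject -Identity $policyName
if ($applied.SamAccountName -notcontains $subject) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $subject
}

# Step 5: same check as "View resultant password settings...".
# When several policies reach a user, the lowest Precedence value wins, and a
# policy linked directly to the user wins over one inherited from a group.
$resultant = Get-ADUserResultantPasswordPolicy -Identity $subject
if ($null -eq $resultant) {
    # No FGPP applies, so the Default Domain Policy governs this account.
    Get-ADDefaultDomainPasswordPolicy
} else {
    $resultant | Select-Object Name, Precedence, MinPasswordLength,
        ComplexityEnabled, MaxPasswordAge, LockoutThreshold
}

# Audit: list every user or group the policy is linked to.
Get-ADFineGrainedPasswordPolicySubject -Identity $policyName |
    Select-Object Name, ObjectClass
```

Running the step 5 query for an ordinary user should return nothing from `Get-ADUserResultantPasswordPolicy`, which confirms that only the intended accounts received the stricter settings.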
















That is the end of the long story of fine-grained password policies (FGPP) in Active Directory 2012 :). I’m looking forward to your comments.

