1. | Log on to the Glasgow DC with the Kim_Akers account.
|
2. | If necessary, create a user account for Don_Hall with a password of P@ssw0rd. Create a global security group called special_password. Make Don_Hall a member of special_password. If you are unsure how to do this, consult the Windows Server 2008 Help files.
|
3. | In the Run box, type adsiedit.msc.
|
4. | If
this is the first time you have used the ADSI Edit console on your test
network, right-click ADSI Edit, and then choose Connect To. Type contoso.internal in the Name box, and then click OK.
|
5. | Double-click contoso.internal.
|
6. | Double-click DC=contoso,DC=internal.
|
7. | Double-click CN=System.
|
8. | Right-click CN=Password Settings Container. Choose New. Choose Object, as shown in Figure 10.
|
9. | In the Create Object dialog box, ensure that msDS-PasswordSettings is selected. Click Next.
|
10. | In the Value box for the CN attribute, type PasswdSettings01. Click Next.
|
11. | In the Value box for the msDS-PasswordSettingsPrecedence attribute, type 10. Click Next.
|
12. | In the Value box for the msDS-PasswordReversibleEncryptionEnabled attribute, type FALSE. Click Next.
|
13. | In the Value box for the msDS-PasswordHistoryLength attribute, type 6. Click Next.
|
14. | In the Value box for the msDS-PasswordComplexityEnabled attribute, type TRUE. Click Next.
|
15. | In the Value box for the msDS-MinimumPasswordLength attribute, type 6. Click Next.
|
16. | In the Value box for the msDS-MinimumPasswordAge attribute, type 1:00:00:00. Click Next.
|
17. | In the Value box for the msDS-MaximumPasswordAge attribute, type 20:00:00:00. Click Next.
|
18. | In the Value box for the msDS-LockoutThreshold attribute, type 2. Click Next.
|
19. | In the Value box for the msDS-LockoutObservationWindow attribute, type 0:00:15:00. Click Next.
|
20. | In the Value box for the msDS-LockoutDuration attribute, type 0:00:15:00. Click Next.
|
21. | Click Finish.
|
22. | Open Active Directory Users And Computers, choose View, and then choose Advanced Features.
|
23. | Expand contoso.internal, expand System, and then select Password Settings Container.
|
24. | In the details pane, right-click PSO1. Choose Properties.
|
25. | On the Attribute Editor tab, select msDS-PSOAppliesTo, as shown in Figure 11.
|
26. | Click Edit.
|
27. | Click Add Windows Account.
|
28. | Type special_password in the Enter The Object Names To Select box. Click Check Names.
|
29. | Click OK. The Multi-Valued Distinguished Name With Security Principal Editor dialog box should look similar to Figure 12.
|
30. | Click OK, and then click OK again to close the PSO1 Properties dialog box.
|
31. | Test your settings by changing the password for the Don_Hall account to a noncomplex, six-letter password such as simple. |