For a Windows 2003 domain in native mode, the limit is either 128 or
256, I forget which. My administrator password is routinely over 20
characters and I do not have a problem. It is unlikely that you will
have end users with passwords reaching the character limit simply
because it's a pain to type that many characters just to get into a
machine. I wouldn't set a minimum password length less than 8
characters. A password over 15 characters cannot be used for LM or NTLM
authentication. NTLMv2 authentication must be used for these longer
passwords and therefore can be a problem on some older Unix/Linux SMB
servers.

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
[mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of dgonzalez.itpro (at) gmail (dot) com [email concealed]
> Sent: Tuesday, May 19, 2009 9:32 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: AD Password complexity - passwords too long?
>
> Hello list,
>
> We have password complexities set on our domain; minimum password
length
> is 8 and all XP users and Windows 2003 servers.
>
> I can set my password to 9-10 characters, but if I try to set it for
10+
> characters, they get the error message that they do not meet the
> complexity requirements.
>
> I have searched Microsoft documentation, and find minimum length
> requirements. I think I saw something about 28 characters, and even
127
> characters.
>
> Does anyone know if there is a max password length?
>
> We would like to keep the minimum 8 characters, and the maximum varied
at
> the users discretion. Can this be done?
>
>
> Thanks

[ reply ]