Manage password policies for Amazon Managed Microsoft AD

Amazon Managed Microsoft AD enables you to define and assign different fine-grained password and account lockout policies (also referred to as fine-grained password policies) for groups of users you manage in your Amazon Managed Microsoft AD domain. When you create an Amazon Managed Microsoft AD directory, a default domain policy is created and applied to the directory. This policy includes the following settings:

Policy	Setting
Enforce password history	24 passwords remembered
Maximum password age	42 days *
Minimum password age	1 day
Minimum password length	7 characters
Password must meet complexity requirements	Enabled
Store passwords using reversible encryption	Disabled

* Note: The 42 day maximum password age includes the admin password.

For example, you can assign a less strict policy setting for employees that have access to low sensitivity information only. For senior managers who regularly access confidential information you can apply more strict settings.

Amazon provides a set of fine-grained password policies in Amazon Managed Microsoft AD that you can configure and assign to your groups. To configure the policies, you can use standard Microsoft policy tools such as Active Directory Administrative Center. To get started with the Microsoft policy tools, see Install the Active Directory Administration Tools for Amazon Managed Microsoft AD.

Topics

Related Amazon Security blog article

How to configure even stronger password policies to help meet your security standards by using Amazon Directory Service for Amazon Managed Microsoft AD

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Secure your directory

Supported policy settings