Overview
This becomes a requirement in order to apply stricter password requirements on different type of users such as IT Admins or contractors.
How to configure
Notes: The new password settings object (PSO) can only be scoped to Global Security Groups. Membership in the Domain Admins group or equivalent permissions is required.
You can add to this group the users that you need to apply the policy to.
Easiest way is to open the Active Directory Administrative Center (adac.exe) as an Administrator.
Then navigate to CN=Password Settings Container,CN=System,DC=yourdomain,DC=com then right-click and select New > Password Settings.
The first section contains the security configuration, then the second section contains the group to which it is scoped.
Note the precedence field. In case you have overlapping PSO’s this will define the order in which it needs to apply.
Next, click OK.
This is how the configuration is set.
How to validate
Open the Active Directory Administrative Center (adac.exe) as an Administrator and navigate to a user that is part of the global group to which a password settings object is scoped to.
On the right site, in the Tasks panel, select View resultant password settings.
If its correctly assigned, you will be thrown back to the PSO configuration screen.
If its not applied, when you click on the View resultant password settings, you will be prompted with this message.
References:
Introduction to Active Directory Administrative Center Enhancements (Level 100)