Fine-grained password policy is an enhancement implemented in Windows Server 2008 that allows defining different password and account lockout policies for different sets of users in an AD domain. In Windows 2000 and Windows Server 2003 Active Directory domains, only one password policy and account lockout policy (specified in the Default Domain Policy) can be applied to all users in the domain.
Correspondingly, you can configure fine-grained password policies for different sets of users in Active Directory domains with a functional level of Windows Server 2008 or higher. For AD domains with a lower functional level, you can only configure the Default Domain Password Policy that is effective for all domain users.
![[Note]](img/note.png) | Note |
|---|---|
| To view or raise the domain functional level, right-click the domain you need, point to All Tasks, and click Raise Domain Functional Level. |
To configure a fine-grained password policy:
Launch the Adaxes Administration Console.
In the Console Tree, expand your service node (the
icon represents service nodes).
Right-click the AD domain, where you want to configure fine-grained password policies, point to All Tasks, and then click Configure Password Policies.
-or-
Select any AD object, and click
on the toolbar.
In the Password Policies dialog that starts:
To create a new password policy, click New. In the New Password Policy dialog that opens, type name for a new password policy, specify necessary settings, and click OK. Then click Add to apply the new password policy to users and groups you need.
For detailed description of password and account lockout settings, see New/Edit Password Policy Dialog.
![[Tip]](img/tip.png)
Tip Fine-grained password policies can be applied to global security groups, users and InetOrgPersons only. Tip If two or more password policies are applied to the same user, this user will be affected with the password policy with a higher precedence. To edit an existing password policy, select the policy you need, and click Edit. In the Edit Password Policy dialog that opens, make necessary changes, and click OK.
For detailed description of password and account lockout settings, see New/Edit Password Policy Dialog.
To modify the precedence of a password policy, select the policy you need, and click
Move up or 
Move down.
Tip The precedence determines which password policy is effective if two or more policies are applied to the same user. To delete an existing password policy, select the policy you need, and click Delete.
When finished, close the dialog.