In Windows Server 2012 or Windows Server 2012 R2, fine-grained password policy management is made much easier than Windows Server 2008/2008 R2. Windows Administrators not have to use ADSI Edit and configure complicated settings to create the Password Settings Object (PSO) in the Password Settings Container. Instead we can configure fine-grained password policy directly in Active Directory Administrative Center (ADAC).
Before you can create fine-grained password policies for a domain, you must ensure that the domain functional level is Windows Server 2008 or newer. This can be done using either ADAC or Windows PowerShell . Note that Domain Admin credentials or greater are required to raise the domain functional level for a domain.
In order to configure fine-grained password policy, go to Windows Server 2012 Server Manager, select Active Directory Administrative Center (ADAC) from the Toolsmenu.
Navigate to System container then Password Settings Container
Click on New and then select Password Settings.
In the Create Password Settings windows, you can specify all the familiar password policy settings by using a user-friendly single screen interface.
Finally, click Add, and locate the group or groups you want the policy to apply to. Then click OK to create the new policy.
Note:
You can also use Windows PowerShell to create, modify, or delete fine-grained password policies for your domain. For example, you can use the New-ADFineGrainedPasswordPolicy cmdlet to create a new fine-grained password policy. You can also use the Set-ADFineGrainedPasswordPolicy cmdlet to modify an existing fine-grained password policy. And you can use the Remove-ADFineGrainedPasswordPolicy cmdlet to delete a fine-grained password policy that is no longer needed in your environment. Use the Get-Help cmdlet to display the syntax and examples for each of these cmdlets.
