
Any way to wipe out all remembered passwords in AD?

Joemonkey

Diamond Member
I've googled a few things with no luck... we want to remove the entire, I guess, password cache from our AD such that AD does not know if a new password used has ever been used before. Any ideas?
 
I'm assuming you mean the "Enforce Password History" Domain Group Policy? You can disable that. Just be sure you set the right Policy. Only the DOMAIN policy will be recognized for password policies.
 
Originally posted by: RebateMonger
I'm assuming you mean the "Enforce Password History" Domain Group Policy? You can disable that. Just be sure you set the right Policy. Only the DOMAIN policy will be recognized for password policies.

Yeah, I suppose if we just disable that group policy option, then wait 24 hours or so and re-enable it, the remembered passwords would be cleared out?
 
Originally posted by: Joemonkey
Yeah, I suppose if we just disable that group policy option, then wait 24 hours or so and re-enable it, the remembered passwords would be cleared out?
I'm not sure that's the case. From your initial description, I thought you just wanted to disable the Password History function completely.

Can't you accomplish what you need to either turning OFF the History, or by telling it just to remember a few past passwords?

Personally, I prefer to require (non-complex) LONG passwords (14 characters appears to be the maximum length that can be specified by Server 2003) and to allow fairly long password change intervals. When you require frequent changes, all people do is add a "1" or a "2" to their previous password, making it easy to guess the next password. I consider the "password history" function a not-as-useful-as-you-might-think feature from a security standpoint. If you tell me somebody's last password, I'm pretty sure I can guess their current password.
 
Originally posted by: Joemonkey
Originally posted by: RebateMonger
I'm assuming you mean the "Enforce Password History" Domain Group Policy? You can disable that. Just be sure you set the right Policy. Only the DOMAIN policy will be recognized for password policies.

Yeah, I suppose if we just disable that group policy option, then wait 24 hours or so and re-enable it, the remembered passwords would be cleared out?
I'm pretty sure that's not the case, though depending on how the data is stored (with an append versus a set), if the password is changed and then the policy is re-enabled you might get somewhere; obviously this would need to be tested.

If you haven't noticed this is one part of how AD stores data that I'm less than clear about and I haven't found any good documents that detail how the process works. This is one of those areas that very few people know well...

...which leads me back to my original question, why do you want to do this?

EDIT: apparently I took too long to write my post, see RMs post above.
 
I wish people wouldn't focus on the why so much; it isn't my decision to do it, it's just been delegated to me to make it happen. But anyway, here's the cliffs of why:

AD Currently set to remember last 4 passwords
Company purchased software to synchronize passwords between 3 separate systems, AD and 2 others.
Each system has its own "password memory" option
All future password rules are being controlled by AD
We're trying to give everyone a clean slate of "remembered" passwords to make the transition easier
 
Originally posted by: Joemonkey
I wish people wouldn't focus on the why so much; it isn't my decision to do it, it's just been delegated to me to make it happen.
Joemonkey,

There can be several reasons for asking "Why?". The main reason is so that the right question is answered. It's easy to compose a huge answer for somebody, but the answer isn't for the correct question.

Sometimes, "Why?" is a polite way to see if the person asking the question has any idea what he/she is doing. That's not the case this time.

It's not intended as an insult.

But, on the other hand, if some stranger asks me for free help, I believe I have the "right" to ask questions in exchange. I don't have much patience for people who ask for help, and then become insulted when they, in turn, are asked a question or are advised that they may be on the wrong track.

Again, I'm not saying this is the case here. I'm just explaining why the "Why?" question is asked.

RebateMonger
 
RebateMonger hit the nail on the head, I only have one thing to add:
There is no escaping reason; no denying purpose. Because as we both know, without purpose, we would not exist.
-Agent Smith

An easy option would be to seriously relax the policy for a period of time (say 1 or 2 remembered passwords for the period it would normally take them to cycle through). You could then bump up the policy...
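The staged approach suggested above (relax "Enforce password history" for the cutover window, then raise it again), written as an added PowerShell example that is not from anyone in this thread. It assumes the ActiveDirectory module (RSAT on Server 2008 R2 or later, not the Server 2003 tooling the thread mentions) and uses the thread's own numbers, 1 for the relaxed window and 4 as the value to restore; the script changes the domain policy value only, and whether previously stored history is discarded is, as the thread says, something to test.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module and
# rights to edit the default domain password policy.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName

function Get-PasswordHistoryCount {
    # PasswordHistoryCount is the domain-wide "Enforce password history" value
    (Get-ADDefaultDomainPasswordPolicy -Identity $domainDN).PasswordHistoryCount
}

function Set-PasswordHistoryCount {
    # 0..24 is the range the policy accepts; anything else is rejected up front
    param([Parameter(Mandatory)][ValidateRange(0, 24)][int] $Count)

    $before = Get-PasswordHistoryCount
    Set-ADDefaultDomainPasswordPolicy -Identity $domainDN -PasswordHistoryCount $Count

    # Read the value back instead of trusting the call succeeded silently
    $after = Get-PasswordHistoryCount
    if ($after -ne $Count) {
        throw "Expected password history $Count but the policy now reports $after"
    }
    Write-Host ("Password history count changed from {0} to {1}" -f $before, $after)
}

# Stage 1: record the current value, then relax for the cutover window.
$original = Get-PasswordHistoryCount   # the thread's environment: 4
Write-Host "Current password history count: $original"
Set-PasswordHistoryCount -Count 1      # the thread's suggested relaxed value

# Stage 2 (run after the window, once users have cycled through): restore it.
# Set-PasswordHistoryCount -Count $original
```

Only the default domain policy is edited here; if a fine-grained password policy (PSO) applies to some users, it takes precedence over this value for them.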
 