Pricing  Get Quote
 
 

Knowledge Base

Home » Knowledge Base » Enforce password history Active Directory

How to enforce password history in Active Directory

By design, Active Directory does not permit password history checks during password resets. While you can enforce password history in Active Directory during password changes, the same does not apply when users reset their passwords. To bridge this gap, ADSelfService Plus. offers the Password Policy Enforcer, which lets administrators check the password history stored in its database during resets, effectively preventing users from reusing expired or previously used passwords.

This ability to enforce password history Active Directory resets ensures that users create strong, fresh passwords, reducing the risk of unauthorized access due to predictable credentials. It also helps organizations maintain compliance with security standards and password management best practices.

Please note that the password history option is only applicable for password resets performed through ADSelfService Plus.

Here's how you can enable this feature in ADSelfService Plus:

  1. Log in to ADSelfService Plus with administrator credentials.
  2. Navigate to Configuration > Self-Service > Password Policy Enforcer.
  3. Select an appropriate policy from the drop-down list.
    Note: To create or edit a policy, navigate to the Configuration tab and go to Self-Service > Policy Configuration. You can either create a new self-service policy by clicking the +Add New Policy button or by editing the existing default policy. For detailed steps, Learn more on self-service policy settings.
  4. Check the Enforce Custom Password Policy box.
  5. Click Restrict Repetition.

    Setting up restrictions for password history enforcement in ADSelfService Plus

    Fig. 1: Steps to configure the Password Policy Enforcer and restrict old password repetition.

  6. Check the Number of old passwords to be restricted during password reset box and select the number of previous passwords to compare against the new one. ADSelfService Plus can check the password history of up to the last 24 passwords.
  7. Click Save.

Once successfully configured, users will be prevented from reusing previous passwords during resets, promoting stronger security. Additionally, ADSelfService Plus stores the SHA-512 hash of the passwords in its database to ensure the highest level of security and prevent unauthorized access to stored passwords.

For further assistance, please contact us at support@adselfserviceplus.com.

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  •  
  • Business Email *
  •  
  • Phone *
  •  
  • Problem Description *
  •  
  • Country
  •  
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.
Highlights of ADSelfService Plus

Password self-service

Allow Active Directory users to self-service their password resets and account unlock tasks, freeing them from lengthy help desk calls.

One identity with single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications using their Active Directory credentials.

Password and account expiry notification

Intimate Active Directory users of their impending password and account expiry via email and SMS notifications.

Password synchronization

Synchronize Windows Active Directory user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.

Password policy enforcer

Strong passwords resist various hacking threats. Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements.

Directory self-update and corporate directory search

Enable Active Directory users to update their latest information themselves. Quick search features help admins scout for information using search keys like contact numbers.

« Home
Knowledge Base »

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust
Password management Adaptive MFA Enterprise SSO Self-service & security Related products