Pricing  Get Quote

Password Policy Enforcer Configuration

ADSelfService Plus' Password Policy Enforcer enables admins to utilize advanced password policy controls like banning weak passwords and keyboard sequences for users' Active Directory (AD) on-premises account, and cloud accounts including Microsoft 365 (formerly Office 365) and G Suite. Moreover, admins can enforce different sets of password policy controls for different users based on their OU and group membership.

What is the Password Sync Agent?

ADSelfService Plus' Password Sync Agent, when installed on the domain controllers in your domain, intercepts native password changes via Ctrl+Alt+Del screen and password reset by admins in ADUC console, encrypts the new passwords, and automatically synchronizes them with multiple systems and applications.

This document details the steps to enforce a custom password policy via ADSelfService Plus to ensure users use strong passwords.

Before you begin

Configuring the password sync agent

  • Install the password sync agent (Location: <installation_folder>\bin\ ) using the command prompt with admin credentials > click Next.
  • Select the Protocol (HTTP or HTTPS) used in ADSelfService Plus.


  • Enter the IP address and Port Number of the server on which ADSelfService Plus is installed, then click Next.


  • Once the installation is complete you must restart the domain controller for the Password Sync agent to start working.

Note: By default, the password sync agent will be installed in the following location:

  • In 64-bit systems - C:\Program Files (x86)\ZOHO Corp\Password Sync Agent
  • In 32-bit systems - C:\Program Files\ZOHO Corp\Password Sync Agent

Making changes to the Password Sync Agent

In the case that you have given incorrect details during installation or moved ADSelfService Plus to a new server, then the changes must be reflected on the password sync agent for it to work properly. To do so, follow the steps given below:

  • Right-click the Password Sync Agent icon on the System tray and select Edit Settings. The Edit Settings dialog box will open.
  • Enter the Server Name / IP Address and Port Number and Protocol (HTTPS/HTTP) used by ADSelfService Plus.
  • Click Save

The new details will now be updated in Password Sync Agent.

Upgrading or reinstalling the password sync agent:

To upgrade the password sync agent to a newer version or to reinstall the agent on an existing machine, follow the steps listed below:

  • Uninstall the password sync agent from the control panel.
  • Install the password sync agent from the new MSI.

Note: Do not repair password sync agent directly from the new MSI file.

Steps for creating a custom password policy for native password changes and ADUC password resets

  1. Navigate to the Configuration tab. Under the Self-Service section, select the Password Policy Enforcer.
  2. Enable Enforce Custom Password Policy.
  3. In this section, you can manage:
    • Characters: Restrict the number of special characters, numbers, and Unicode characters used in passwords.


    • Repetition: Enforce a password history check during password reset, and restrict the consecutive repetition of a specific character from the username (e.g. “aaaaa” or “user01”).


    • Patterns: Restrict keyboard sequences, dictionary words, and palindromes.


    • Length: Specify the minimum and maximum password length.


  4. You can also enable users to bypass complexity requirements when the password length exceeds a predefined limit.
  5. Enter the number of policy settings the users' password must comply with during self-service password reset and password change operations.
  6. Enforce the configured password policy settings during password resets from the ADUC console and the change password screen.
  7. To help users create passwords that comply with the enforced policy settings, you can display the password policy requirement on the reset and change password pages.

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  • Business Email *
  • Phone *
  • Problem Description *
  • Country
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust