The ideal password is over 14 characters long, with a mixture of upper and lower case letters, numbers, and special characters. But where the password policy is weak, many users are allowed to choose weak passwords. Weak passwords are an open invitation for hackers to exploit user accounts and gain access to the corporate network.
The IT admin's job is to ensure that every user account in Active Directory is secured with a strong password. Unfortunately, the default domain password policy, which admins use to enforce password rules in Active Directory, is usually not configured to force good passwords, and in many cases does not even provide the controls needed to enforce strong passwords.
Luckily, there's a free tool from ManageEngine that can help you determine who is using weak passwords. The Weak Password Users Report helps you find weak passwords in Active Directory by comparing users’ passwords against a list of over 100,000 commonly used weak passwords. When it finds a match, the report will display the users' details. You can then force the users with weak passwords to change their passwords the next time they log on, or use a password management solution—such as ADSelfService Plus—to granularly enforce a much stronger password policy.