Pricing  Get Quote
are the keys to accessing organizational resources.

While it's common knowledge that passwords used by employees can make or break data security, employees often don't follow good password hygiene. From setting weak and generic passwords to lax password policy rules in native tools like Windows Active Directory Group Policies, several factors pose a serious threat to password security and put organizations' data at risk of exposure.

The need for stringent password policies

Active Directory password
policy requirements

  • Minimum
    password length
    Sets the minimum number of character that must be used in the password. 
  • Minimum
    password age
    Decides how long a user has to wait before changing their password. This ensures that the user doesn't change their password too often. 
  • Maximum
    password age
    Decides when a password expires. This is important to ensure that passwords are changed regularly. 
  • Password complexity
    Decides the character composition of the password. It also defines what shouldn't be part of the passwords, including dictionary words or patterns. 
  • Password history
    Decides how long a user has to wait to reuse a password. 
  • Reversible encryption
    for storing passwords
    Decides whether passwords are stored with or without encryption. 

Why Active Directory password
policies aren't enough

  • The password policies cannot be applied to specific OUs.
  • Dictionary words, patterns, and palindromes cannot be restricted.
  • Consecutive repetition of the same character cannot be prevented.
  • The password policy cannot be enforced during password reset by admins in the Active Directory Users and Computers (ADUC) console.
  • The Password must meet complexity requirements policy setting cannot mandate the number of characters from a certain character type.

Restrict passwords with commonly used words and patterns

Download now

Prevent password attacks with
ADSelfService Plus

ManageEngine ADSelfService Plus' Password Policy Enforcer overcomes these issues and allows you to enforce a custom password policy that seamlessly integrates with the native Active Directory password policies. It fortifies your Active Directory passwords to ensure your organization is secure. ADSelfService Plus' password policies can be set to enforce the following requirements:

  • Restrict characters

    The password policy rules include mandating the number of special, numeric, and Unicode characters. You can also set the type of character the password must begin with.

  • Restrict length

    The password policy rules let you set both a minimum and maximum number of characters for the password.

  • Restrict pattern

    The password policy rules help restrict custom dictionary words and patterns that are commonly used in the organization as well as palindromes.

  • Restrict repetition

    The password policy rules help restrict the use of consecutive characters from usernames or previous passwords. Consecutive repetition of the same character can also be restricted.


Benefits of
ADSelfService Plus'
Password Policy Enforcer


Implement granular password policies

Set password policies for
OUs and groups, separate from the one set for the domain.


Help users pick strong passwords

Display policy requirements on the reset and change password pages to ensure users know the password policy rules.


Analyze password strength

Enable the Password Strength Analyzer to automatically display the strength of the password provided by the user during password change and reset.


Meet regulatory compliance standards

Create password policies that comply with NIST, HIPAA, GDPR, CJIS, and other regulations.


Encourage passphrases

Enable users to create long and secure passphrases by overriding the password policy rules if the password is beyond a specific length.


Enforce policies universally

Enforce your policy for password changes from the Ctrl+Alt+Del screen and during ADUC password resets.


Enhance user experience

Make strong passwords more attainable by setting the number of complexity requirements the user must adhere to while letting them select the requirements.

Other password security features in
ADSelfService Plus

Integration with the Have I been Pwned? service, which bans the use of passwords involved in previous hacks and prevents credential stuffing attacks.
A password sync feature that ensures all enterprise applications use the same secure password.

ADSelfService Plus Trusted by

Utilize advanced password policy settings and ban common words, patterns, and more.

Try ADSelfService Plus Now! Get Quote
A single pane of glass for
complete self service password management







A single pane of glass for complete self service password management




ADSelfService Plus trusted by

A single pane of glass for complete self service password management