Pricing  Get Quote
 
 

How to blacklist weak Active Directory passwords

The following is a comparison between blacklisting Active Directory domain passwords with Windows PowerShell and ADSelfService Plus:

With PowerShell

Blacklist weak Active Directory passwords in a domain

It is not possible using PowerShell

With ADSelfService Plus

Configure a custom password policy via the Password Policy Enforcer

  • Go to ADSelfService Plus admin portal.
  • Navigate to Configuration > Self-Service > Password Policy Enforcer.
  • Enable Enforce Custom Password Policy.
    password-blacklist-powershell-1
  • Enable restrict keyboard sequences, dictionary words, and palindromes.
    password-blacklist-powershell-2
  • Use the default dictionary or you can also add a custom dictionary of your choice.
    password-blacklist-powershell-3
  • Click Save.

Breached password restriction

  • Log in to ADSelfService Plus with admin credentials.
  • Go to Admin > Product Settings > Integration Settings > Have I been Pwned?
  • Select Enable HaveIbeenPwned Integration.
    password-blacklist-powershell-4

What using breached passwords affect password security?

  • Hackers use cyberattacks like brute force to breach user account passwords. This process, although laborious, is highly effective as users are susceptible to using weak passwords.
  • Once these passwords are breached, and hackers gain access to the organization's network, the heath of the organization security is at risk.

What are the limitations of Windows PowerShell for improved password security?

  • It doesn't support native blacklisting of Active Directory passwords.
  • It doesn't allow admins to enforce password policies based on OU or domain or group memberships.
Benefits of ADSelfService Plus

Apart from being easy to configure, ADSelfService Plus has several advantages when compared to PowerShell scripts.

  • Advanced password policy settings:

    Admins can create custom password policies from the advanced password policy controls that bans weak passwords, palindromes, etc.

  • Universal enforcement:

    Admins can enforce custom password policies during self-service password reset and password change for both Active Directory and cloud applications.

  • Improves IT security:

    Provides advanced multi-factor authentication techniques including biometrics and YubiKey for securing cloud apps.

  • Improves the user experience:

    Users can perform self-service password reset from multiple access points such as their login screens or a secure web-portal.

Give hackers a run for their money with improved password security.

  Get 30-day free trial.
  • Embark on your script-free AD Self-service password management with ADSelfService Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

    Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link