Modify AD policies to require complex passwords. The script below will require passwords to be at least 12 characters long.
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot -ComplexityEnabled $true -MinPasswordLength 12  # -Identity is mandatory; this targets the current domain
Set expiration policies. This forces password changes every 90 days.
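Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot -MaxPasswordAge 90.00:00:00 -MinPasswordAge 1.00:00:00  # TimeSpan values in d.hh:mm:ss (90 days, 1 day)
Reduce the risk of brute-force attacks by locking accounts after five failed login attempts for 30 minutes.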
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot -LockoutThreshold 5 -LockoutDuration 00:30:00  # TimeSpan value in hh:mm:ss (30 minutes)
Send a reminder email about strong passwords to keep users aware of security measures.
Send-MailMessage -To "allusers@domain.com" -From "admin@yourdomain.com" -Subject "Password Security Update" -Body "Reminder: Ensure your passwords meet security standards."  # uses the server in $PSEmailServer unless -SmtpServer is given
You can enforce strong passwords in AD by running the script below, which sets the minimum password length to 12:
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot -MinPasswordLength 12 -ComplexityEnabled $true  # -Identity is mandatory; this targets the current domain
You can block weak passwords by running the script below, which sets the minimum password length to 14:
New-ADFineGrainedPasswordPolicy -Name "StrictPolicy" -Precedence 10 -MinPasswordLength 14  # -Precedence is mandatory; 10 is an example value
Use password auditing tools like ManageEngine ADSelfService Plus or PowerShell scripts to detect insecure passwords.
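One way to script such an audit, as an added example that is not part of the original page: it compares the live default domain policy with the values set above, lists enabled accounts that are exempt from the policy, and finds fine-grained policies that apply to nobody. It checks configuration rather than the strength of individual passwords, and the function names are hypothetical.

```powershell
# Added example (not from the original page). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Compare the default domain policy with the baseline used on this page:
# complexity on, length >= 12, max age <= 90 days, lockout after 5 attempts for 30 minutes.
function Test-PasswordBaseline {
    $policy   = Get-ADDefaultDomainPasswordPolicy
    $findings = @()
    if (-not $policy.ComplexityEnabled) {
        $findings += 'ComplexityEnabled is False'
    }
    if ($policy.MinPasswordLength -lt 12) {
        $findings += "MinPasswordLength is $($policy.MinPasswordLength), baseline is 12"
    }
    # A MaxPasswordAge of zero means passwords never expire.
    if ($policy.MaxPasswordAge -eq [TimeSpan]::Zero -or $policy.MaxPasswordAge.TotalDays -gt 90) {
        $findings += "MaxPasswordAge is $($policy.MaxPasswordAge), baseline is 90 days"
    }
    # A LockoutThreshold of zero means accounts are never locked out.
    if ($policy.LockoutThreshold -eq 0 -or $policy.LockoutThreshold -gt 5) {
        $findings += "LockoutThreshold is $($policy.LockoutThreshold), baseline is 5"
    }
    if ($policy.LockoutDuration.TotalMinutes -ne 30) {
        $findings += "LockoutDuration is $($policy.LockoutDuration), baseline is 30 minutes"
    }
    $findings
}

# Enabled accounts whose flags let them sidestep the policy entirely.
function Get-PasswordPolicyException {
    $filter = 'Enabled -eq $true -and (PasswordNeverExpires -eq $true -or PasswordNotRequired -eq $true)'
    Get-ADUser -Filter $filter -Properties PasswordNeverExpires, PasswordNotRequired, PasswordLastSet |
        Select-Object SamAccountName, PasswordNeverExpires, PasswordNotRequired, PasswordLastSet
}

# Fine-grained policies (such as "StrictPolicy") have no effect until they are
# applied to a user or group; list the ones with no subjects.
function Get-UnappliedFineGrainedPolicy {
    Get-ADFineGrainedPasswordPolicy -Filter * |
        Where-Object { -not $_.AppliesTo } |
        Select-Object Name, Precedence, MinPasswordLength
}

Test-PasswordBaseline
Get-PasswordPolicyException | Format-Table -AutoSize
Get-UnappliedFineGrainedPolicy | Format-Table -AutoSize
```

A policy reported by the last function can be attached to a group with Add-ADFineGrainedPasswordPolicySubject.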