01-11-2016 12:49 AM - edited 03-10-2019 11:22 PM
Hi All,
Given that Microsoft Active Directory has two limitations as follows:
Accordingly i need your help if there is solution can modify password policy on the Active Directory
Thanks a lot in advance
01-11-2016 01:46 AM
Perhaps you better ask in a Microsoft forum. There you'll probably get more detailed help.
At least your problem should be possible to solve with the help of password-filters.
01-11-2016 01:51 AM
Thanks Karsten,
I think you got my question wrong as i'm asking if there is Cisco AAA Solution (e.g. ISE, ACS) can do these requirements.
01-11-2016 02:00 AM
Ok, the password policy in ISE could match your needs, but it's always the policy of the authentication system that enforces the policy. If your users are in AD, then the AD-rules are in place. Only if your users are local to the ISE, these rules are enforced. That's probably not what you want to have.
01-11-2016 02:14 AM
Unfortunately Yes, Users should be kept on AD , i'm wondering if there is Solution can do these requirements while remaining Users Database on AD itself.
01-11-2016 03:55 AM
nFront has a solution (shows up through an easy google-search), there a probably many more.
01-11-2016 04:50 AM
Thanks again Karsten,
i'm targeting Cisco Solution , not any software
your help is appreciated and i will keep looking for another solution
01-11-2016 05:58 AM
Hi Mohamed,
From the discussion, I understood that you want the users to be kept on the AD however the password policy defined on AD has few limitations and you want the authentication server to overwrite the password policy for the authentication query while communicating to the AD. Well that would not be possible. The password policy will be checked for the identity store you have selected on ACS/ISE/ 3rd party AAA server. That means if on ACS server you authentication settings have LOCAL database as an identity store then local database password policy will be applied and if you have AD configured then its own password policy. You need to find out if the above 2 password policy requirements can be modified on the AD itself.
Regards - Jatin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide