GilbertoFernandezGarza-2537 asked Dev073 answered

Active Directory Security

Hi

I am working on a security guideline for Active Directory, however I haven't found a good reference to establish: (1) Minimum length for administrator password in AD and, (2) Expiration time of administrator accounts in AD

Do you know a best practice for these parameters?

Thanks

Regards

windows-active-directory

1 Answer

Dev073 answered

Hi @GilbertoFernandezGarza-2537 , thanks for the post.

Password and account security guidelines differ based on the organisation's security and compliance requirements.

Standards like NIST, CIS and ISO are some of the security frameworks and guidelines for improving overall security and compliance based on org needs.

Generally I would recommend renaming the default administrator account in AD to a non-obvious username instead of administrator; the rest will be configured through the AD password policy at domain level. Set password length to 14 with expiration of 60 days. Again, this will change based on org needs, and there are multiple other policy settings that need to be considered while setting the password policy for better security.
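
The settings named in the answer above can be compared against a live domain. The following read-only PowerShell audit is an added example, not part of the original answer; it assumes the ActiveDirectory (RSAT) module is available, and the variable names and the 14-character / 60-day targets are assumptions taken from the answer, to be adjusted to your own standard.

```powershell
# Added example: read-only audit of the built-in Administrator account and its password policy.
# Requires the ActiveDirectory module (RSAT). Makes no changes to the domain.
Import-Module ActiveDirectory

# Targets taken from the answer (assumptions; change to match your own guideline).
$TargetMinLength  = 14
$TargetMaxAgeDays = 60

$domain = Get-ADDomain
$policy = Get-ADDefaultDomainPasswordPolicy

# The built-in Administrator always has RID 500, whatever it has been renamed to.
$admin = Get-ADUser -Identity "$($domain.DomainSID)-500" `
                    -Properties PasswordNeverExpires, PasswordLastSet

# A fine-grained password policy (PSO), if one applies to the account,
# overrides the domain-level policy for that account.
$pso       = Get-ADUserResultantPasswordPolicy -Identity $admin
$effective = if ($pso) { $pso } else { $policy }
$source    = if ($pso) { "PSO '$($pso.Name)'" } else { 'Default domain policy' }

# A MaxPasswordAge of 0 means passwords never expire, so it must not pass the check.
$maxAgeDays = $effective.MaxPasswordAge.Days
$ageOk      = ($maxAgeDays -gt 0) -and ($maxAgeDays -le $TargetMaxAgeDays)

$checks = @(
    [pscustomobject]@{
        Check  = 'Minimum password length'
        Actual = $effective.MinPasswordLength
        Pass   = $effective.MinPasswordLength -ge $TargetMinLength
    }
    [pscustomobject]@{
        Check  = 'Maximum password age (days)'
        Actual = $maxAgeDays
        Pass   = $ageOk
    }
    [pscustomobject]@{
        Check  = 'Built-in Administrator renamed'
        Actual = $admin.SamAccountName
        Pass   = $admin.SamAccountName -ne 'Administrator'
    }
    [pscustomobject]@{
        # This per-account flag bypasses the expiration setting entirely.
        Check  = 'PasswordNeverExpires flag is off'
        Actual = $admin.PasswordNeverExpires
        Pass   = -not $admin.PasswordNeverExpires
    }
)

"Effective policy source: $source"
$checks | Format-Table -AutoSize
```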
