Active Directory password rules

On a stand alone Windows Server GPEDIT.MSC can be used to configure password settings. However on a Domain Controller, such settings need to apply across the entire Windows Domain. Just as promoting a stand alone server to a DC removes the ability to configure Local Users (they no longer exist), so it removes the ability to configure local passwords; there's no 'local' any more.

Open Active Directory Users and Computers | right click on the Domain | select the Group Policy tab | select the GPO | click edit to open the Group Policy Editor.

Password policies are part of the Account Settings group and take effect only when you set them at domain level; they won't be implemented if you set them at site or organizational unit (OU) levels.

Select Computer Configuration | Windows Settings | Security Settings | Account Policies | Password Policy. Double-click the relevant settings and set them to the settings you want (Minimum password length, Maximum password age, etc..) Close the GPE when finished.

Here's an example configuring LOCAL settings (GPEDIT.MSC) under Windows 2000 Server..

Change password details