ADLDS and Password Policies

Have you ever thought about how password policies are managed in ADLDS ? This short article will describe how it works.

When host server of the ADLDS instance is domain member, domain password policies are applied.  Host server in workgroup is using local password policies. To ignore inherited domain password policies can be done by using ADSIEdit.
Open ADSIEdit and connect to the Configuration naming context on the LDAP server., please find path below.

On the object:
CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN={guid},
there is a multi-valued attribute called msDS-Other-Settings. The attribute ADAMDisablePasswordPolicies has by default value 0, set value to 1 means disable inheritance from domain and start using local password policies of the host server.