Hi,
We have a Domain with approx. 50 DC's ( Windows 2003 and Windows 2008). The Domain and Forest levels are 2003. We have a central password policy defined in Domain Policy.
There are certain accounts which have got delegation on OU's in AD. For these admin accounts we want the IT Teams to use Password which is larger than length defined in Password Policy. Is there a way to force them to use minimum length which is higher than Domain Password Policy or is there a way to monitor if they are using the high length password.
I know that we can only have one Password Policy in Windows 2003 Domain. We are in process of upgrading all DC's to Windows 2008/2012. Till the time we upgrade all DC's to at least 2008 and upgrade DFL and FFL to Windows 2008, we cannot use Fine-Grained Password Policies
Please suggest if we can do something in this case. I am checking the Specops Password tool also but as we are already in process upgrading Domain, we do not want to invest in high-end tool like Specops. If there is any low level tool that also will help