Skip to main content

ActivePasswords

Flexible password complexity filters for Active Directory.

ActivePasswords is a Password Complexity Manager, Password Sync Tool and an Account Sync Tool.
 
 
Download trial   Purchase

  • WizardSoft ActivePasswords is a lightweight yet powerful utility for enforcing password strength in Microsoft Active Directory. The installer is just 1.14 MB, but the tool delivers full customization and fine-grained control over password complexity requirements. With ActivePasswords, administrators can centrally define and manage multiple password policies and apply them to specific security groups or organizational units. This makes it easy to align Active Directory password enforcement with organizational security needs. ActivePasswords also supports compliance with NIST SP 800-63 password guidelines, helping organizations strengthen security without disrupting existing Windows infrastructure and at a fraction of the cost of heavier solutions

    Force the use of strong passwords

    ActivePasswords enforces strong password rules for end-users while reducing help desk calls related to password resets. It is a fast, reliable password policy enforcement tool for Windows Server, built in native code for maximum performance. The solution integrates directly with official Windows API hooks and is fully Unicode-aware. Deployment is simple: it requires only a single DLL on your Domain Controllers, with no unnecessary components or software bloat.

    30-Day Free Trial

    A fully functional, no-questions-asked trial is available for download. We recommend reviewing the QuickStart Manual to get up and running quickly. If no license key is entered, ActivePasswords will operate in full mode for 30 days after installation. When the trial expires, the software automatically switches to a basic run-mode. Your servers will continue to function exactly as they did before ActivePasswords was installed, ensuring no disruption.

    Custom Scripting

    ActivePasswords lets you configure custom actions to run whenever a password is changed. This makes it possible to synchronize Active Directory passwords with external applications and services such as Office 365 or Google Workspace, or to trigger any other organization-specific workflow.

    Real Fine-Grained Password Policies

    ActivePasswords allows you to apply detailed password settings to specific security groups or organizational units. When applied to an OU, the policy automatically covers all users in that OU and its sub-containers. The tool integrates with Microsoft Fine-Grained Password Policies (FGPPs) and extends them with its own centralized management interface. Administrators can configure all key parameters—such as maximum password age, lockout thresholds, and complexity rules—through a single, consistent policy management console.

    Password Change Reminders (popup / e-mail)

    ActivePasswords includes a lightweight reminder tool that can run on client computers. Starting a configurable number of days before password expiration (default: 8), it periodically notifies users that their password must be changed. The reminder appears as a clear, customizable pop-up message that cannot easily be ignored. In addition, administrators can configure automatic, customizable e-mail reminders to be sent a set number of days before password expiration—ensuring users are warned in advance and reducing last-minute help desk calls.

    Disable Inactive Accounts

    ActivePasswords can automatically disable user accounts that have not logged on for a defined number of days. This reduces the risk of abandoned or forgotten accounts being abused, while keeping your Active Directory environment clean and compliant with security best practices.

    With ActivePasswords you control the exact complexity requirements that must be met when a domain password is changed or reset. All settings are centrally managed through Group Policy.

    Different password policies can be applied to specific Active Directory security groups or organizational units. For example, in a school environment, students can be assigned simpler password rules, while teachers and staff are required to use stronger ones.

    ActivePasswords integrates with Windows Fine-Grained Password Policies but consolidates all configuration into a single location—the Group Policy Management Console—making administration simpler and more consistent.

    ActivePasswords Settings (all optional)

    ActivePasswords gives administrators full control over password complexity rules. All settings are centrally managed and can be applied flexibly per security group or organizational unit. Available options include:

    • Length & structure

      • Minimum and maximum password length

      • Minimum number of words (enforce passphrases)

      • Minimum number of character categories (uppercase, lowercase, digits, symbols)

    • Character rules

      • Minimum uppercase letters

      • Minimum lowercase letters

      • Minimum special characters (e.g. @, %)

      • Maximum repeated characters (prevents Aaaaaaa1)

      • Maximum sequential characters (prevents 1234Dcba)

      • Disallow spaces

      • Disallow vowels (a, e, i, o, u)

      • Only allow specified characters

      • Forbid specific characters

    • Content restrictions

      • Must not contain parts of the username, first name, or last name

      • Must not contain custom forbidden words (loaded from UTF-8 file or Group Policy)

      • Detects obfuscations/alterations of forbidden words or names

      • Dictionary check: supports lists with tens of thousands of words; words cannot exceed a configurable percentage of the password (e.g. myPassword12 fails if password is blacklisted)

    • Advanced validation

      • Regular expression validation (e.g. abC passes [a-z]b[A-Z]; abc does not)

      • Validate at both password change and reset events

      • Integration with Have I Been Pwned for compromised password checks

    • Policy enforcement

      • Customizable password change policies

      • Password lockout policies

    ActivePasswords Rule Example

    A typical policy might require that:

    • The password includes at least two character categories (e.g. uppercase + lowercase, or lowercase + number).

    • It must not contain the username, first name, or last name.

    • It is at least 8 characters long.

    • It must not contain common words such as password, welcome, login, or company—nor obfuscated variants like P@ssw0rD.

    • Validation is enforced at both password change and reset events.

    Simple Installation

    Deploying ActivePasswords is straightforward: install it on each Domain Controller (Windows Server 2008 R2, 2012 R2, 2016, 2019, and 2022 are fully supported), reboot once, configure your Group Policies, and you’re done. No client-side installation is required.

    Licensing

    ActivePasswords is licensed per enabled and targeted Active Directory user, on a subscription basis. Each subscription includes usage rights, updates, and e-mail support for one year. Pricing starts at $2.20 (€1.90) per user per year (minimum 50 licenses required).

    Educational institutions are eligible for substantial discounts. To inquire, contact us via e-mail using your campus address.

    Download Trial
    QuickStart Manual

    Please contact us via info@wizardsoft.nl should you have any questions or suggestions!

© WizardSoft