Password history in Active Directory

We are considering enabling "Enforce password history" on our Active Directory. The password is currently maintained by another IAM system, but we are looking into changing that to AD/AAD.

Users have been changing passwords for years now in a different system, and the password changes have been sent to AD. AD has not enforced password history.

Question 1: Does AD record the used passwords over time, even if "Enforce password history" is not enabled? So when "Enforce password history" is enabled, can the previous passwords no longer be reused within the policy setting for password history? Meaning they cannot reuse a password set years ago.

Question 2: Passwords set through administrative resets (e.g. PowerShell, etc.) are not subject to age or history requirements, but are they "added to password history" for the user?

My questions are probably dumb and easy, but googling them just ends up with endless articles concerning "Enforce password history". This feature is important to us, so I need to know for certain. Sometimes you just have to ask the stupid questions...


Solution 1:

Q1 - no, enabling history will not see passwords that have been used before enabling it.

Solution 2:

As with all password changes, a password that is used during an administrative password reset is included in the password history of an account, as long as Active Directory is configured to enforce password history.

It is easy enough to test.
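One way to run that test in a lab domain, as an added example that is not part of the original answer. It assumes the RSAT ActiveDirectory module, a throwaway test account (`pwhist-lab`, hypothetical) and an effective minimum password age of 0, since the user-style change would otherwise be rejected for age rather than history.

```powershell
# Added example (not from the original thread): exercise the two questions
# above against a lab domain. Assumptions: RSAT ActiveDirectory module, a
# disposable test account, and MinPasswordAge of 0 in the effective policy.
Import-Module ActiveDirectory

$TestUser = 'pwhist-lab'   # hypothetical test account
$PwA = ConvertTo-SecureString 'Lab-Pass-A-2024!' -AsPlainText -Force   # constructed sample values
$PwB = ConvertTo-SecureString 'Lab-Pass-B-2024!' -AsPlainText -Force

# 1. Show the history and age settings actually applied to this account.
#    A fine-grained password policy, if one applies, overrides the domain default.
$policy = Get-ADUserResultantPasswordPolicy -Identity $TestUser
if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }
"PasswordHistoryCount={0} MinPasswordAge={1}" -f $policy.PasswordHistoryCount, $policy.MinPasswordAge

# 2. Administrative reset to password A (the Q2 case: a reset is not itself
#    subject to age or history checks).
Set-ADAccountPassword -Identity $TestUser -Reset -NewPassword $PwA -ErrorAction Stop

# 3. User-style change A -> B (the change path is the one that enforces history),
#    then try to change back B -> A. With history enforced and A in the history,
#    the second change is rejected; with history disabled it is accepted.
Set-ADAccountPassword -Identity $TestUser -OldPassword $PwA -NewPassword $PwB -ErrorAction Stop
try {
    Set-ADAccountPassword -Identity $TestUser -OldPassword $PwB -NewPassword $PwA -ErrorAction Stop
    "Reuse of A ACCEPTED: A is not in the enforced history."
} catch {
    "Reuse of A REJECTED: {0}" -f $_.Exception.Message
}
```

Compare the outcome with PasswordHistoryCount set to 0 and then to a non-zero value to see which passwords the policy actually remembers.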