How to Disable or Relax Password Policy in Windows Server (Active Directory Domain)

Important:

You cannot completely remove the password policy, but you can set it to minimal values so it behaves like “disabled.”

Method 1 — Change Password Policy in Default Domain Policy

Open Group Policy Management

On your domain controller:

Press Win + R
Type: gpmc.msc
Press Enter

Edit the Default Domain Policy

Navigate to:

Forest  
 └── Domains  
      └── yourdomain.local  
            └── Default Domain Policy

Right-click Default Domain Policy → Edit

Go to Password Policy

Inside the GPO editor:

Computer Configuration  
 └── Policies  
      └── Windows Settings  
           └── Security Settings  
                └── Account Policies  
                     └── Password Policy

Set all password requirements to the minimum

Configure:

Setting

Set to

Enforce password history

Maximum password age

0 (password never expires)

Minimum password age

Minimum password length

Password must meet complexity requirements

Disabled

Store passwords using reversible encryption

Disabled

This effectively removes constraints so Entra ID password changes synchronize freely.

Update policy

Run on the domain controller or client:

gpupdate /force

PreviousHow to Automatically Free User Resources on Windows Server After Logout or Disconnection NextServices

Last updated 2 months ago

hashtagImportant:

hashtagMethod 1 — Change Password Policy in Default Domain Policy

hashtagOpen Group Policy Management

hashtagEdit the Default Domain Policy

hashtagGo to Password Policy

hashtagSet all password requirements to the minimum

hashtagUpdate policy