Minimum length limited to 14 characters
Via the Default Domain Policy the minimum length can be determined individually. Who sets the policy to a minimum length of 15 characters, automatically falls back to 7 characters and thus has a security problem!
The minimum length may thus currently be set to a maximum of only 14 characters.
In the Default Domain Policy I set the password length to a minimum length of 15 characters and a minimum age of 0 days, so that I can test with the user even more extensively.
Now reset the password of the user Jörn Walter and assign a password with only 8 characters. See for yourself!
Now I set the minimum password length to 14 characters in the Default Domain Policy.
Reset the password of the user Jörn Walter and try to assign a new password with less than 14 characters. This is not allowed now because the minimum length of 14 characters was not met and the policy is valid.
This clearly shows that as soon as you select a minimum length of 15 characters, the guideline has practically no effect and falls back to the default value of 7 characters.
I have the topic of Günter Born picked up because I could not believe it.