By default, AD LDS supports and enforces the password policy settings and account lockout settings that are provided by Windows Server 2008, including the following:
Minimum age
Maximum age
Complexity
History
Too many failed logon attempts
Disabling and enabling of accounts
If the server on which AD LDS is running belongs to a workgroup, the server's local password policy settings and account lockout settings are implemented. If the server on which AD LDS is running belongs to a domain, the password policy settings and account lockout settings from Active Directory Domain Services (AD DS) are implemented
.
A partir deste site - technet.microsoft.com/en-us /library/cc731012(v=ws.10).aspx