Until two-factor authentication becomes the norm, passwords will remain the primary control we rely on for security, so having strict policies and procedures in place to manage them is essential. The diagram below illustrates the relative security "value" of the Windows Active Directory account types, from the lowest but most common (ordinary user accounts) at the bottom to the highest (the Enterprise Administrator account) at the peak.

LM Insecurity and Passphrases

There is a caveat, however. If you are in a mixed environment that still requires LM or NTLM authentication there is very little you can do against password cracking: the LM hash is built from the password uppercased, truncated to 14 characters and split into two 7-character halves, each hashed independently, so widely available tools and rainbow tables recover it quickly. If you are limited to 14 characters, then by all means use all of them, as they are at least some protection against "shoulder surfing" attacks, but be aware that a determined individual with the tools, the knowledge and access to your network will very likely be able to break those passwords.

The NT hash used by NTLM and NTLMv2 has no such limit: Windows 2000 and later accept passwords of up to 127 characters, and a password of 15 or more characters cannot be stored as an LM hash at all. Essentially you should be aiming for 15 characters or more. Passphrases are the recommended way of securing systems; as the name suggests, they are simply a number of words strung together to form what is basically a long password, but one that is far easier to remember.
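The two LSA settings that take LM out of the picture on a single machine, as an added example that is not code from the original post. In a domain the same two settings are pushed by Group Policy under Security Options (the policy names are given in the comments); the registry path and values are Microsoft's documented ones, and an elevated PowerShell session is assumed.

```powershell
# Added example, not code from the original post. Run in an elevated
# PowerShell session. In a domain, push the same two settings with Group
# Policy: Computer Configuration > Windows Settings > Security Settings >
# Local Policies > Security Options:
#   "Network security: Do not store LAN Manager hash value on next password change" = Enabled
#   "Network security: LAN Manager authentication level" =
#       "Send NTLMv2 response only. Refuse LM & NTLM"
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Weak state: NoLMHash missing or 0 (an LM hash is stored for any password of
# 14 characters or fewer) and LmCompatibilityLevel 0-2 (LM/NTLM sent and accepted).
$before = Get-ItemProperty -Path $lsa
'Before: NoLMHash={0} LmCompatibilityLevel={1}' -f $before.NoLMHash, $before.LmCompatibilityLevel

# Corrected state. NoLMHash=1 stops the LM hash being written at the next
# password change; it does not remove hashes already stored, so every
# password of 14 characters or fewer must be changed once afterwards
# (15+ character passwords never had an LM hash). LmCompatibilityLevel=5
# sends NTLMv2 only and refuses incoming LM and NTLM for the accounts this
# machine authenticates, so test it against your oldest clients and
# appliances before rolling it out domain-wide.
Set-ItemProperty -Path $lsa -Name 'NoLMHash' -Value 1 -Type DWord
Set-ItemProperty -Path $lsa -Name 'LmCompatibilityLevel' -Value 5 -Type DWord

# Read the values back rather than assuming the writes took effect.
$after = Get-ItemProperty -Path $lsa
if ($after.NoLMHash -ne 1 -or $after.LmCompatibilityLevel -ne 5) {
    throw 'LSA hardening was not applied'
}
'After:  NoLMHash={0} LmCompatibilityLevel={1}' -f $after.NoLMHash, $after.LmCompatibilityLevel
```

Level 3 ("Send NTLMv2 response only") is the safe intermediate step if you cannot yet refuse LM and NTLM on the domain controllers; level 5 is the target once the last LM-only client is gone.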

User Accounts

While they may be languishing at the bottom of our pyramid, user account security should not be overlooked. They may be relatively tightly locked down, but an attacker is looking for any opening, and users are generally quite ingenious at finding shortcuts to make their lives easier; passwords are exactly such an area. Overly restrictive minimum lengths or complexity rules will encourage users to write passwords down, which only opens a larger hole. Microsoft currently recommends the following default password policy:

  • Enforce password history : 24
  • Maximum password age : 42 (days)
  • Minimum password age : 2 (days)
  • Passwords must meet complexity requirements:
    • Password is at least 6 characters long
    • Password contains characters from at least 3 of the following 5 categories:
      • Uppercase characters (A-Z)
      • Lowercase characters (a-z)
      • Numeric characters (0-9)
      • Non-alphanumeric characters (!"£$%^&*<>?@#)
      • Unicode characters
    • Password does not contain 3 or more consecutive characters from the user's account name

We'd be happy to see a longer minimum password length, but you have to know your users and find a happy medium between security and memorability for them. If you make it too difficult they will resort to sharing passwords and keeping them on post-it notes, which isn't good for security.

Local Administrator Accounts

Local Administrator accounts should, as a rule of thumb, be given a strong password and then disabled. Two caveats: give each machine a different password, because with a shared one an attacker who recovers the hash from a single workstation can reuse it (pass-the-hash) against every other machine that shares it; and remember that on Windows XP and Server 2003 a disabled built-in Administrator account can still log on in Safe Mode, so the password matters even while the account is disabled.

Domain Administrator accounts

We recommend a minimum password length of 14 characters (15 or more wherever the NT hash is available, so that no LM hash is ever stored) and maximum complexity. Consider also setting an account lockout threshold so that repeated failed logons lock the account, bearing in mind that lockout is also a denial-of-service lever for an attacker: do not set the threshold so low that a few mistyped attempts lock out your administrators, and monitor the lockout events.

Service Accounts

Service accounts are somewhat different in that you will almost certainly never log in with them interactively. Because a forced password change can silently break the service that uses the account, we recommend exempting these accounts from password expiry. Instead set them up with a very long password (30 characters is not unreasonable) containing mixed-case alphanumeric and many non-alphanumeric characters; the length is what protects the account's hash against offline cracking, since expiry no longer applies. Record it somewhere very secure, as it isn't a password you will want to keep in your head. Although you could rely on a domain or enterprise admin account to reset it, knowing the password will certainly save you time when a problem occurs.

Enterprise Administrator Account

In a well-designed forest/domain this account will be used fairly infrequently once the initial setup has been completed. However, given its overarching power it should be treated carefully. You should create a password with the maximum complexity possible and as long as you are comfortable with, certainly in excess of 15 characters; 30 or more would not be unreasonable. It won't matter if you can't type it quickly, as hopefully you will never be doing so in the presence of prying eyes!
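The tiers above (default domain policy for users, tighter rules for Domain and Enterprise Admins, long non-expiring passwords for service accounts) expressed as one default policy plus two fine-grained password policies, as an added example that is not code from the original post. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 / RSAT) and a domain at Windows Server 2008 functional level, which fine-grained password policies require; 'example.local', the account 'ent-admin' and the global security group 'Service Accounts' are assumed names, 'Domain Admins' is the built-in group, and the chosen lengths and lockout values are the ones argued for in the text.

```powershell
# Added example, not code from the original post. Assumes the ActiveDirectory
# module and a Windows Server 2008 domain functional level (required for
# fine-grained password policies, PSOs). 'example.local', 'ent-admin' and the
# global security group 'Service Accounts' are assumed names.
Import-Module ActiveDirectory

$domain = 'example.local'

# Bottom of the pyramid: the default domain policy every user gets.
# Microsoft's defaults from the list above, with the minimum length raised
# to 8 as a "happy medium" between security and memorability.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -PasswordHistoryCount 24 `
    -MaxPasswordAge (New-TimeSpan -Days 42) `
    -MinPasswordAge (New-TimeSpan -Days 2) `
    -MinPasswordLength 8 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -LockoutThreshold 10 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30)

# Domain and Enterprise Admins: 15+ characters (so no LM hash can be stored),
# full complexity and a tighter lockout. PSOs link to users and global
# security groups; the lowest Precedence wins if an account matches several.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Admins' -Precedence 10 `
    -MinPasswordLength 15 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 42) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30)
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Admins' `
    -Subjects 'Domain Admins', 'ent-admin'

# Service accounts: 30 characters, complexity on and no lockout (a service
# retrying a stale password must not lock itself out). The PSO keeps a long
# backstop age; the real "never expires" is the per-account flag, which
# overrides any policy age.
New-ADFineGrainedPasswordPolicy -Name 'PSO-ServiceAccounts' -Precedence 20 `
    -MinPasswordLength 30 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 365) `
    -LockoutThreshold 0
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-ServiceAccounts' `
    -Subjects 'Service Accounts'
Get-ADGroupMember -Identity 'Service Accounts' |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Set-ADUser -Identity $_.DistinguishedName -PasswordNeverExpires $true }

# Verify what each privileged account actually ends up with (the resultant
# policy after precedence is resolved) instead of trusting the PSO links.
foreach ($group in 'Domain Admins', 'Service Accounts') {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $pso = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
            if ($pso) {
                '{0,-20} {1,-22} min length {2,2}  lockout after {3}' -f `
                    $_.SamAccountName, $pso.Name, $pso.MinPasswordLength, $pso.LockoutThreshold
            } else {
                '{0,-20} default domain policy applies' -f $_.SamAccountName
            }
        }
}
```

On a Windows Server 2008 domain without the 2008 R2 cmdlets, the same PSOs can be created with ADSI Edit under CN=Password Settings Container,CN=System; the verification step is the important part either way, since a PSO linked to the wrong group type silently has no effect.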

posted on Monday, August 11, 2008