The Fallacy of the Complicated Password

Setting a policy that requires your employees to use complicated passwords is based on flawed thinking.

Security people often set password policies to require what they call a "complicated" password. To a password-cracking program it is not complicated at all: an eight-character string with a digit and a symbol in it is tried in exactly the same way, and in roughly the same time, as any other eight-character string. Only the person who has to remember it is bothered by it.

So management says that "28llTTT!" is better than "pet_name", because it's more "complicated."

But making a user create an impossible-to-remember password like that just makes them do what they are not supposed to do, which is write it down.

When it comes to resisting a brute-force attack, what matters is the size of the space the attacker has to search, and length drives that far more than character choice does. Each character you add multiplies the number of possible passwords by the size of the alphabet: by 95 if the attacker must assume any printable ASCII character, by 26 if lowercase letters only. Adding a symbol to an eight-character password changes the base; adding ten more characters changes the exponent.

Thus the ideal password is a sentence, not a word, because a sentence is long and you can still remember it.

So use something like this: "imagine_all_the_people_living_in_harmony".

Any John Lennon fan can remember that, so they will not write it down. If an intruder breaks into your office and carries off every document, the password is not among them, and nobody walking past the user's desk can read it off a note.

That passphrase is 40 characters long. Even if the attacker knows it uses only lowercase letters and underscores, that is 27 symbols per position, so there are 27 to the 40th power, roughly 10 to the 57th, strings of that shape; the eight-character "28llTTT!", drawn from all 95 printable ASCII characters, allows only 95 to the 8th, about 7 × 10 to the 15th. That is not as many as in Borges's Library of Babel (I leave it to you to look that up, and recommend you read that short story), but at a trillion guesses per second the short password falls in under two hours while the passphrase would take far longer than the age of the universe. One caveat: that count assumes the attacker treats the phrase as random characters. A famous lyric is itself a dictionary entry, and seven common words in their usual order fall to a word-combination or phrase-list attack far faster than the character count suggests, so pick a sentence that is yours rather than one everyone knows, or add a word of your own to it.
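To put numbers on that argument, here is an added example (shell, not code from the original article) that scores the article's two examples by brute-force search space, with the Lennon lyric spelled "imagine". The character-class model, the 20,000-word dictionary size, the one-million-phrase list and the 10^12 guesses-per-second rate are assumptions chosen for illustration, not figures from the page.

```shell
#!/bin/sh
# Added example, not from the original article: compare the brute-force search
# space of the article's "complicated" password with its long passphrase.
# Assumptions (not from the page): a 20,000-word dictionary, a list of one
# million well-known phrases, and an attacker making 10^12 guesses per second.
set -eu
LC_ALL=C; export LC_ALL   # keep [a-z] and friends as plain ASCII ranges

# Alphabet an attacker must assume for string $1, from the character classes
# it uses: 26 lowercase, 26 uppercase, 10 digits, 33 other printable ASCII.
alphabet_size() {
  n=0
  case $1 in *[a-z]*) n=$((n + 26));; esac
  case $1 in *[A-Z]*) n=$((n + 26));; esac
  case $1 in *[0-9]*) n=$((n + 10));; esac
  case $1 in *[!a-zA-Z0-9]*) n=$((n + 33));; esac
  echo "$n"
}

# Bits of search space for $1 positions drawn from an alphabet of $2 symbols,
# i.e. log2(alphabet^length). Every extra position multiplies the space by $2.
space_bits() {
  awk -v n="$1" -v a="$2" 'BEGIN { printf "%.1f\n", n * log(a) / log(2) }'
}

# Search space of a string when the attacker treats it as random characters.
string_bits() {
  space_bits "${#1}" "$(alphabet_size "$1")"
}

# Seconds needed to exhaust 2^$1 guesses at $2 guesses per second.
crack_seconds() {
  awk -v b="$1" -v r="$2" 'BEGIN { printf "%.3g\n", 2^b / r }'
}

RATE=1000000000000   # assumed 10^12 guesses/s: offline attack on a fast hash

short='28llTTT!'
long='imagine_all_the_people_living_in_harmony'

# 1. Both strings modelled as random characters: length wins by a wide margin.
for s in "$short" "$long"; do
  bits=$(string_bits "$s")
  printf '%-42s %6s bits  %s s to exhaust\n' "$s" "$bits" "$(crack_seconds "$bits" "$RATE")"
done

# 2. The same passphrase seen as 7 words from a 20,000-word dictionary: a
#    word-combination attack needs only log2(20000^7) bits of work.
bits=$(space_bits 7 20000)
printf '%-42s %6s bits  %s s to exhaust\n' "7 dictionary words" "$bits" "$(crack_seconds "$bits" "$RATE")"

# 3. ...and seen as one entry in a list of a million famous lyrics and quotes.
bits=$(space_bits 1 1000000)
printf '%-42s %6s bits  %s s to exhaust\n' "1 well-known phrase" "$bits" "$(crack_seconds "$bits" "$RATE")"
```

Run it and the passphrase scores about 235 bits as random characters (the class model charges the underscore as one of 33 punctuation symbols, so it assumes 59 symbols per position; the 27-symbol mask gives about 190 bits, still far out of reach), but only about 100 bits as seven dictionary words and under 20 bits as a famous phrase. The eight-character password sits near 53 bits either way. Length still wins, but only when the phrase is not one an attacker can look up.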

What to Do if You Must Write it Down

Now, if you use the Lennon lyric for your Active Directory LAN password or, say, Google Docs, you can still write down the other ones you need and do not control, such as the password your company has assigned you for Oracle. Write them in a document and protect that document with a passphrase of the same kind.

You can even store that one offline. Download the document, encrypt it with openssl, delete the plaintext copy, and upload the encrypted file to Dropbox. You will not lose it, and anyone who obtains the file gets nothing without the passphrase, which also means its protection is exactly as strong as the passphrase you chose.
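The encrypt-and-upload step above, as an added example that is not part of the original article. It assumes OpenSSL 1.1.1 or newer (needed for the -pbkdf2 option), reads the passphrase from an environment variable rather than the command line so it does not land in shell history or process listings, and uses a constructed sample password file; the file names and contents are made up here.

```shell
#!/bin/sh
# Added example, not from the original article: protect a password list with a
# passphrase using openssl, then get it back. Assumes OpenSSL 1.1.1 or newer
# (required for -pbkdf2); file names and the sample contents are constructed.
set -eu

# PBKDF2 with many iterations makes each guess at the passphrase expensive.
# Without -pbkdf2, openssl enc derives the key with a single round of a fast
# hash, which lets an attacker test guesses at full speed.
ITER=600000

# encrypt_file PLAINTEXT CIPHERTEXT   (passphrase read from $PASSPHRASE)
encrypt_file() {
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
    -in "$1" -out "$2" -pass env:PASSPHRASE
}

# decrypt_file CIPHERTEXT PLAINTEXT   (same passphrase and iteration count)
decrypt_file() {
  openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
    -in "$1" -out "$2" -pass env:PASSPHRASE
}

# Demo: build a constructed password file, encrypt it, remove the plaintext,
# and confirm the encrypted copy still decrypts to the original bytes.
demo() {
  dir=$(mktemp -d)
  printf 'oracle prod   scott   Tiger-1988-x\n' > "$dir/passwords.txt"   # made-up sample
  PASSPHRASE='imagine_all_the_people_living_in_harmony'; export PASSPHRASE

  encrypt_file "$dir/passwords.txt" "$dir/passwords.enc"
  rm "$dir/passwords.txt"                  # only the encrypted copy gets uploaded
  head -c 8 "$dir/passwords.enc"; echo     # openssl enc header: Salted__
  decrypt_file "$dir/passwords.enc" "$dir/restored.txt"
  cat "$dir/restored.txt"
  rm -rf "$dir"
}
demo
```

The iteration count must be supplied again on decryption, since openssl does not store it in the file; keep it next to the encrypted copy or in the script you use to open it. Deleting the plaintext with rm only unlinks it, so on a laptop you also want full-disk encryption rather than relying on the deletion alone.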





More articles by Walker Rowe
