Create a New Fine-Grained Password Policy
This topic explains how to use the Active Directory module for Windows PowerShell to create a new fine-grained password policy.
Example 1
The following example demonstrates how to create a new fine-grained password policy for the domain users in the Fabrikam.com domain:
New-ADFineGrainedPasswordPolicy -Name "DomainUsersPSO" -Precedence 500 -ComplexityEnabled $true -Description "The Domain Users Password Policy"-DisplayName "Domain Users PSO" -LockoutDuration "0.12:00:00" -LockoutObservationWindow "0.00:15:00" -LockoutThreshold 10 -MaxPasswordAge "60.00:00:00" -MinPasswordAge "1.00:00:00" -MinPasswordLength 8 -PasswordHistoryCount 24 -ReversibleEncryptionEnabled $false
New-ADFineGrainedPasswordPolicy -Name "DomainUsersPSO" -Precedence 500 -ComplexityEnabled $true -Description "The Domain Users Password Policy"-DisplayName "Domain Users PSO" -LockoutDuration "0.12:00:00" -LockoutObservationWindow "0.00:15:00" -LockoutThreshold 10 -MaxPasswordAge "60.00:00:00" -MinPasswordAge "1.00:00:00" -MinPasswordLength 8 -PasswordHistoryCount 24 -ReversibleEncryptionEnabled $false
Example 2
The following example is a sample script that demonstrates how to create a new fine-grained password policy from a template:
C#
$templatePSO = New-Object Microsoft.ActiveDirectory.Management.Commands.ADFineGrainedPasswordPolicy $templatePSO.ComplexityEnabled = $true $templatePSO.LockoutDuration = [TimeSpan]::Parse("0.12:00:00") $templatePSO.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00") $templatePSO.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00") $templatePSO.LockoutThreshold = 10 $templatePSO.MinPasswordAge = [TimeSpan]::Parse("0.00:10:00") $templatePSO.PasswordHistoryCount = 24 $templatePSO.ReversibleEncryptionEnabled = $false New-ADFineGrainedPasswordPolicy -Instance $templatePSO -Name "SvcAccPSO" -Precedence 100 -Description "The Service Accounts Password Policy" -DisplayName "Service Accounts PSO" -MaxPasswordAge "30.00:00:00" -MinPasswordLength 20 New-ADFineGrainedPasswordPolicy -Instance $templatePSO -Name "AdminsPSO" -Precedence 200 -Description "The Domain Administrators Password Policy" -DisplayName "Domain Administrators PSO" -MaxPasswordAge "15.00:00:00" -MinPasswordLength 10
Additional information
You can use the following parameters when you set many of the common values that are associated with the creation of a new fine-grained password policy:
- -ComplexityEnabled
- -Description
- -DisplayName
- -LockoutDuration
- -LockoutObservationWindow
- -LockoutThreshold
- -MaxPasswordAge
- -MinPasswordAge
- -MinPasswordLength
- -PasswordHistoryCount
- -ReversibleEncryptionEnabled
No comments:
Post a Comment