Thursday, February 24, 2011

Modify the Default Domain Password Policy

Modify the Default Domain Password Policy

This topic explains how to use the Active Directory module for Windows PowerShell to modify the default domain password policy.

Example

The following example demonstrates how to modify the default domain password policy for the Fabrikam.com domain:
Set-ADDefaultDomainPasswordPolicy -Identity fabrikam.com -PasswordHistoryCount 10 –MinPasswordLength 7 -MinPasswordAge 1.00:00:00 -MaxPasswordAge 30.00:00:00 -LockoutObservationWindow 0.00:10:00 -LockoutThreshold 15

Additional information

You can use the following parameters when you set many of the common values that are associated with a fine-grained password policy:
  • -ComplexityEnabled
  • -Description
  • -DisplayName
  • -LockoutDuration
  • -LockoutObservationWindow
  • -LockoutThreshold
  • -MaxPasswordAge
  • -MinPasswordAge
  • -MinPasswordLength
  • -PasswordHistoryCount
  • -ReversibleEncryptionEnabled
For a full explanation of the parameters that you can pass to Set-ADDefaultDomainPasswordPolicy, at the Active Directory module command prompt, type Get-Help Set-ADDefaultDomainPasswordPolicy –detailed, and then press ENTER.
Posted by ITKB at 11:50 AM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)