Thursday, February 24, 2011

Search ,Modify ,Apply ,Remove ,Delete a Fine-Grained Password Policy

Search for Fine-Grained Password Policies

This topic explains how to use the Active Directory module for Windows PowerShell to search for fine-grained password policy policies.

Example

The following example demonstrates how to search for the fine-grained password policies in the Fabrikam.com domain:
Get-ADFineGrainedPasswordPolicy -Filter 'Name -like "*"' | ft Name, Precedence,MaxPasswordAge,MinPasswordLength -A

Additional information

For a full explanation of the parameters that you can pass to Get-ADFineGrainedPasswordPolicy, at the Active Directory module command prompt, type Get-Help Get-ADFineGrainedPasswordPolicy –detailed, and then press ENTER.

Modify a Fine-Grained Password Policy

This topic explains how to use the Active Directory module for Windows PowerShell to modify a fine-grained password policy.

Example

The following example demonstrates how to modify the minimum password length and password history count of the fine-grained password policy DomainUsersPSO:
Set-ADFineGrainedPasswordPolicy "DomainUsersPSO" -MinPasswordLength 8 -PasswordHistoryCount 24

Additional information

You can use the following parameters when you set many of the common values that are associated with a fine-grained password policy:
  • -ComplexityEnabled
  • -Description
  • -DisplayName
  • -LockoutDuration
  • -LockoutObservationWindow
  • -LockoutThreshold
  • -MaxPasswordAge
  • -MinPasswordAge
  • -MinPasswordLength
  • -PasswordHistoryCount
  • -ReversibleEncryptionEnabled
For a full explanation of the parameters that you can pass to Set-ADFineGrainedPasswordPolicy, at the Active Directory module command prompt, type Get-Help Set-ADFineGrainedPasswordPolicy –detailed, and then press ENTER.

Apply a Fine-Grained Password Policy

This topic explains how to use the Active Directory module for Windows PowerShell to apply a fine-grained password policy.

Example 1

The following example demonstrates how to apply the fine-grained password policy DomainUsersPSO to the global security group Domain Users:
Add-ADFineGrainedPasswordPolicySubject DomainUsersPSO -Subjects 'Domain Users'

Example 2

The following example demonstrates how to apply the fine-grained password policy DlgtdAdminsPSO to two users with the samAccountName(s) BobKe and KimAb:
Add-ADFineGrainedPasswordPolicySubject DlgtdAdminsPSO -Subjects BobKe,KimAb

Additional information

For a full explanation of the parameters that you can pass to Add-ADFineGrainedPasswordPolicySubject, at the Active Directory module command prompt, type Get-Help Add-ADFineGrainedPasswordPolicySubject –detailed, and then press ENTER.

Remove a Fine-Grained Password Policy

This topic explains how to use the Active Directory module for Windows PowerShell to remove a fine-grained password policy from a user in Active Directory Domain Services (AD DS).

Example

The following example demonstrates how to remove the fine-grained password policy DlgtdAdminsPSO from two users, BobKe and KimAb:
Remove-ADFineGrainedPasswordPolicySubject DlgtdAdminsPSO -Subjects BobKe,KimAb

Additional information

For a full explanation of the parameters that you can pass to Remove-ADFineGrainedPasswordPolicySubject, at the Active Directory module command prompt, type Get-Help Remove-ADFineGrainedPasswordPolicySubject –detailed, and then press ENTER.

Delete a Fine-Grained Password Policy

This topic explains how to use the Active Directory module for Windows PowerShell to delete a fine-grained password policy.

Example

The following example demonstrates how to delete the fine-grained password policy DlgtdAdminsPSO:
Remove-ADFineGrainedPasswordPolicy -Identity DlgtdAdminsPSO

Additional information

For a full explanation of the parameters that you can pass to Remove-ADFineGrainedPasswordPolicy, at the Active Directory module command prompt, type Get-Help Remove-ADFineGrainedPasswordPolicy –detailed, and then press ENTER.

No comments:

Post a Comment