Retrieving Domain Password Policies

AD cmdlets 1.1 add a few nifty features which let you easily access password-related settings of your domain. Basically, all related properties are just a part of the attributes domain objects have, so you can do:

[PS] C:\>Get-QADObject scorpio.local/ | Format-List Name, *Password*, *Lockout*

Name                     : scorpio
MinimumPasswordAge       : 1 days
MaximumPasswordAge       : 42 days
PasswordHistoryLength    : 24 passwords remembered
MinimumPasswordLength    : 1 characters
LockoutDuration          : 30 minutes
LockoutTreshold          : 0 invalid logon attempts
ResetLockoutCounterAfter : 30 minutes

Or if you do not want to specify the domain name explicitly:

[PS] C:\>(Get-QADRootDSE).Domain | Format-List Name, *Password*, *Lockout*

Name                     : scorpio
MinimumPasswordAge       : 1 days
MaximumPasswordAge       : 42 days
PasswordHistoryLength    : 24 passwords remembered
MinimumPasswordLength    : 1 characters
LockoutDuration          : 30 minutes
LockoutTreshold          : 0 invalid logon attempts
ResetLockoutCounterAfter : 30 minutes

Another tip is that you can actually get a hold of the Domain property for any AD account: e.g. user.

So if you have:

$user = Get-QADObject 'Dmitry Sotnikov'

And want to learn the password policies you can just do:

$user.Domain | Format-Table Name, *Password*, *Lockout*

Nice and easy!

This all applies to domain policies. Fine-grained password policies have their own set of cmdlets as well.

Tags: , , , , , ,

0 Responses to “Retrieving Domain Password Policies”



  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

May 2008
M T W T F S S
« Apr   Jun »
 1234
567891011
12131415161718
19202122232425
262728293031  

%d bloggers like this: