Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » windows » active_directory » ad_password_policy
Trace:
networking:windows:active_directory:ad_password_policy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:windows:active_directory:ad_password_policy [2020/09/25 09:28]
gcooper 		networking:windows:active_directory:ad_password_policy [2020/09/28 10:51] (current)
gcooper
Line 1: Line 1:
 ====== Active Directory Password Policy ====== ====== Active Directory Password Policy ======
 +
 +===== Check a User's Password and Policy =====
 +
 +Check when a user password expires:
 +
 +<file>
 +net user USERNAME /domain
 +
 +Get-ADUserResultantPasswordPolicy USERNAME
 +</file>
  
 ===== Default Domain Password Policy ===== ===== Default Domain Password Policy =====
  
 <file> <file>
-get-addomain | get-adobject -properties * | select *pwd*+Get-ADDefaultDomainPasswordPolicy
 </file> </file>
  
Line 10: Line 20:
  
 ===== Fine-Grained Password Policy ===== ===== Fine-Grained Password Policy =====
 +
 +https://specopssoft.com/blog/check-password-requirements-active-directory/
  
 http://techgenix.com/configuring-fine-grained-password-policies/ http://techgenix.com/configuring-fine-grained-password-policies/
  
-{{ :networking:windows:active_directory:ad-fine-grained-password-policy.png?direct&600 |Fine-Grained Password Policy}}+**CloudPanel**: https://kb.knowmoreit.com/how-to/setting-up-user-password-expiring-notices/ 
 + 
 +{{ :networking:windows:active_directory:ad-fine-grained-password-policy.png?direct&650 |Fine-Grained Password Policy}} 
 + 
 +==== Show Fine-Grained Password Policies ==== 
 + 
 +<file> 
 +Get-ADFineGrainedPasswordPolicy -Filter * 
 +</file> 
 + 
 +==== Show Per User Policy ==== 
 + 
 +<file> 
 +Get-ADUserResultantPasswordPolicy username 
 +</file> 
 + 
 +Or to show all users: 
 + 
 +<file> 
 +function Get-MTUserPasswordPolicy ($Identity) 
 +
 +    $Fgpp = (Get-ADUserResultantPasswordPolicy -Identity $Identity).Name 
 +    [string]$Policy = switch ($Fgpp) 
 +    { 
 +        $null {"Default Domain Policy"
 +        {!($null)} {$Fgpp} 
 +    } 
 +     
 +    $Return = New-Object -TypeName PSObject 
 +    $Return | Add-Member -MemberType NoteProperty -Name Identity -Value $Identity 
 +    $Return | Add-Member -MemberType NoteProperty -Name PasswordPolicy -Value $Policy 
 +     
 +    return $Return 
 +
 +</file> 
 + 
 +Then call the function: 
 + 
 +<file> 
 +Get-ADUser -Filter {Enabled -eq $True} | ForEach-Object {Get-MTUserPasswordPolicy -Identity $_.SamAccountName} 
 +</file> 
networking/windows/active_directory/ad_password_policy.1601047701.txt.gz · Last modified: 2020/09/25 09:28 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki