Differences

This shows you the differences between two versions of the page.

--- networking:windows:active_directory:ad_password_policy [2020/09/25 09:28]
gcooper
+++ networking:windows:active_directory:ad_password_policy [2020/09/28 10:51] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== Active Directory Password Policy ======
+===== Check a User's Password and Policy =====
+Check when a user password expires:
+<file>
+net user USERNAME /domain
+Get-ADUserResultantPasswordPolicy USERNAME
+</file>
 ===== Default Domain Password Policy =====
 <file>
-get-addomain | get-adobject -properties * | select *pwd*
+Get-ADDefaultDomainPasswordPolicy
 </file>
@@ Line 10: / Line 20: @@
 ===== Fine-Grained Password Policy =====
+https://specopssoft.com/blog/check-password-requirements-active-directory/
 http://techgenix.com/configuring-fine-grained-password-policies/
+**CloudPanel**: https://kb.knowmoreit.com/how-to/setting-up-user-password-expiring-notices/
 {{ :networking:windows:active_directory:ad-fine-grained-password-policy.png?direct&650 |Fine-Grained Password Policy}}
+==== Show Fine-Grained Password Policies ====
+<file>
+Get-ADFineGrainedPasswordPolicy -Filter *
+</file>
+==== Show Per User Policy ====
+<file>
+Get-ADUserResultantPasswordPolicy username
+</file>
+Or to show all users:
+<file>
+function Get-MTUserPasswordPolicy ($Identity)
+{
+    $Fgpp = (Get-ADUserResultantPasswordPolicy -Identity $Identity).Name
+    [string]$Policy = switch ($Fgpp)
+    {
+        $null {"Default Domain Policy"}
+        {!($null)} {$Fgpp}
+    }
+    $Return = New-Object -TypeName PSObject
+    $Return | Add-Member -MemberType NoteProperty -Name Identity -Value $Identity
+    $Return | Add-Member -MemberType NoteProperty -Name PasswordPolicy -Value $Policy
+    return $Return
+}
+</file>
+Then call the function:
+<file>
+Get-ADUser -Filter {Enabled -eq $True} | ForEach-Object {Get-MTUserPasswordPolicy -Identity $_.SamAccountName}
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools