Table of Contents
Active Directory Password Policy
Check a User's Password and Policy
Check when a user password expires:
net user USERNAME /domain Get-ADUserResultantPasswordPolicy USERNAME
Default Domain Password Policy
Get-ADDefaultDomainPasswordPolicy
Fine-Grained Password Policy
https://specopssoft.com/blog/check-password-requirements-active-directory/
http://techgenix.com/configuring-fine-grained-password-policies/
CloudPanel: https://kb.knowmoreit.com/how-to/setting-up-user-password-expiring-notices/
Show Fine-Grained Password Policies
Get-ADFineGrainedPasswordPolicy -Filter *
Show Per User Policy
Get-ADUserResultantPasswordPolicy username
Or to show all users:
function Get-MTUserPasswordPolicy ($Identity)
{
$Fgpp = (Get-ADUserResultantPasswordPolicy -Identity $Identity).Name
[string]$Policy = switch ($Fgpp)
{
$null {"Default Domain Policy"}
{!($null)} {$Fgpp}
}
$Return = New-Object -TypeName PSObject
$Return | Add-Member -MemberType NoteProperty -Name Identity -Value $Identity
$Return | Add-Member -MemberType NoteProperty -Name PasswordPolicy -Value $Policy
return $Return
}
Then call the function:
Get-ADUser -Filter {Enabled -eq $True} | ForEach-Object {Get-MTUserPasswordPolicy -Identity $_.SamAccountName}