Active Directory Password Policy

Check a User's Password and Policy

Check when a user password expires:

net user USERNAME /domain

Get-ADUserResultantPasswordPolicy USERNAME

Default Domain Password Policy

Get-ADDefaultDomainPasswordPolicy

Fine-Grained Password Policy

https://specopssoft.com/blog/check-password-requirements-active-directory/

http://techgenix.com/configuring-fine-grained-password-policies/

CloudPanel: https://kb.knowmoreit.com/how-to/setting-up-user-password-expiring-notices/

Show Fine-Grained Password Policies

Get-ADFineGrainedPasswordPolicy -Filter *

Show Per User Policy

Get-ADUserResultantPasswordPolicy username

Or to show all users:

function Get-MTUserPasswordPolicy ($Identity)
{
    $Fgpp = (Get-ADUserResultantPasswordPolicy -Identity $Identity).Name
    [string]$Policy = switch ($Fgpp)
    {
        $null {"Default Domain Policy"}
        {!($null)} {$Fgpp}
    }
    
    $Return = New-Object -TypeName PSObject
    $Return | Add-Member -MemberType NoteProperty -Name Identity -Value $Identity
    $Return | Add-Member -MemberType NoteProperty -Name PasswordPolicy -Value $Policy
    
    return $Return
}

Then call the function:

Get-ADUser -Filter {Enabled -eq $True} | ForEach-Object {Get-MTUserPasswordPolicy -Identity $_.SamAccountName}

Virtual Architects Support Wiki

Table of Contents

Active Directory Password Policy

Check a User's Password and Policy

Default Domain Password Policy

Fine-Grained Password Policy

Show Fine-Grained Password Policies

Show Per User Policy

Virtual Architects Support Wiki

User Tools

Site Tools

Table of Contents

Active Directory Password Policy

Check a User's Password and Policy

Default Domain Password Policy

Fine-Grained Password Policy

Show Fine-Grained Password Policies

Show Per User Policy

Page Tools