Password Policy

HC812003 1 Reputation point
2022-04-01T13:18:32.76+00:00

We recently deployed a fine grain password policy to our test users. Is there a way to find out via powershell which users does not meet the newly fine grain password policy?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,524 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Philippe Levesque 5,796 Reputation points
    2022-04-01T13:33:11.547+00:00

    In powershell you can list user attribute for last password change if you set a password policy on the password age, but you can't list the password complexity, so it depend on your password policy.

    0 comments No comments

  2. Limitless Technology 39,616 Reputation points
    2022-04-06T15:06:16.423+00:00

    Hi @HC812003

    The Get-ADDefaultDomainPasswordPolicy cmdlet gets the default password policy for a domain.

    Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser

    You can then compare them with the requirements for the fine grain policy.

    The Get-ADFineGrainedPasswordPolicy cmdlet gets a fine-grained password policy or performs a search to retrieve multiple fine-grained password policies.

    https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-adfinegrainedpasswordpolicy?view=windowsserver2022-ps#:~:text=The%20Get%2DADFineGrainedPasswordPolicy%20cmdlet%20gets,grained%20password%20policy%20to%20get.

    --
    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.