Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADFineGrainedPasswordPolicy cmdlet supports the default and extended properties listed in the following table.
Many can be assigned values with the Set-ADFineGrainedPasswordPolicy cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink.
| Property | Syntax | R/RW | lDAPDisplayName |
| AppliesTo | ADCollection | R/W | msDS-PSOAppliesTo |
| CanonicalName | String | R | canonicalName |
| CN | String | R | cn |
| ComplexityEnabled | Boolean | R/W | msDS-PasswordComplexityEnabled |
| Created | String | R | whenCreated |
| Deleted | String | R | isDeleted |
| Description | String | R/W | description |
| DisplayName | String | R/W | displayName |
| DistinguishedName | String (DN) | R | distinguishedName |
| LastKnownParent | String (DN) | R | lastKnownParent |
| LockoutDuration | TimeSpan | R/W | msDS-LockoutDuration |
| LockoutObservationWindow | TimeSpan | R/W | msDS-lockoutObservationWindow |
| LockoutThreshold | Integer | R/W | msDS-lockoutThreshold |
| MaxPasswordAge | TimeSpan | R/W | msDS-MaximumPasswordAge |
| MinPasswordAge | TimeSpan | R/W | msDS-MinimumPasswordAge |
| MinPasswordLength | Integer | R/W | msDS-MinimumPasswordLength |
| Modified | String | R | whenChanged |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectCategory | String | R | objectCategory |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID, converted to string |
| PasswordHistoryCount | Integer | R/W | msDS-PasswordHistoryLength |
| Precedence | Integer | R/W | msDS-PasswordSettingsPrecedence |
| ProtectedFromAccidentalDeletion | String | R/W | ntSecurityDescriptor |
| ReversibleEncryptionEnabled | Boolean | R/W | msDS-PasswordReverisbleEncryptionEnabled |
The attributes are those of the Password Setting Object (PSO). These are objects of class msDS-PasswordSettings, and are located in the container "cn=Password Setting Container,cn=System,dc=mydomain,dc=com", where the domain is mydomain.com.
See Also
- Active Directory: PowerShell AD Module Properties
- AD DS: Fine-Grained Password Policies
- How to Apply an AD DS Fine-Grained Password Policy on Users Under an Organizational Unit
- Active Directory Back to Basics–Password Policies
- PowerShell Portal
- Wiki: Active Directory Domain Services (AD DS) Portal
- Active Directory: Glossary
- Active Directory PowerShell Cmdlet Properties
- Wiki: Portal of TechNet Wiki Portals
Other Resources
- Get-ADFineGrainedPasswordPolicy
- Set-ADFineGrainedPasswordPolicy
- New-ADFineGrainedPasswordPolicy
- Remove-ADFineGrainedPasswordPolicy
- Get-ADUserResultantPasswordPolicy