Create Custom Password Policy with PowerShell

In this article, I give PowerShell script examples that create a Fine-Grained Password Policy (custom password policy) and explain how to link/apply a fine-grained password policy to a specific user or group using PowerShell.

Create Fine-Grained Password Policy using PowerShell Script

We can use the PowerShell cmdlet New-ADFineGrainedPasswordPolicy to create a new Active Directory custom password policy. Follow the steps below to run the PowerShell script, which creates a new fine-grained password policy named AdminUsersPSO.

1. Copy the PowerShell script below and paste it into a Notepad file.
2. Change the policy name AdminUsersPSO to the name of the password policy you want to create.
4. Save the Notepad file with the extension .ps1, for example Create-Fine-Grained-PasswordPolicy.ps1

PowerShell script file: Download Create-Fine-Grained-PasswordPolicy.ps1

# Load the Active Directory cmdlets
Import-Module ActiveDirectory
# Create the policy; when several policies apply to a user, the lowest Precedence value wins
# Time spans use the format days.hours:minutes:seconds
New-ADFineGrainedPasswordPolicy -Name "AdminUsersPSO" `
 -Precedence 500 `
 -ComplexityEnabled $true `
 -Description "The Admin Users Password Policy" `
 -DisplayName "Admin Users PSO" `
 -LockoutDuration "0.14:00:00" `
 -LockoutObservationWindow "0.00:15:00" `
 -LockoutThreshold 10 `
 -MaxPasswordAge "45.00:00:00" `
 -MinPasswordAge "1.00:00:00" `
 -MinPasswordLength 8 `
 -PasswordHistoryCount 24 `
 -ReversibleEncryptionEnabled $false
Write-Host "----New Password Policy 'AdminUsersPSO' created----"

5. Now run the Create-Fine-Grained-PasswordPolicy.ps1 file in the PowerShell console to create the new custom password policy.

Apply Fine-Grained Password Policy to Group and Users using PowerShell Script

You can use the PowerShell cmdlet Add-ADFineGrainedPasswordPolicySubject to apply a fine-grained password policy to one or more global security groups and users.

Use the script below to apply the fine-grained password policy AdminUsersPSO to the group Administrators:

Add-ADFineGrainedPasswordPolicySubject AdminUsersPSO -Subjects 'Administrators'

Apply the custom password policy AdminUsersPSO to the users Admin and MorganTest:

Add-ADFineGrainedPasswordPolicySubject AdminUsersPSO -Subjects Admin,MorganTest

Find all the groups and users to which the fine-grained password policy AdminUsersPSO applies:

Get-ADFineGrainedPasswordPolicy AdminUsersPSO | Format-Table AppliesTo -AutoSize
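
Linking a policy does not guarantee that it is the one in force for a user, so the following added example (not part of the original article) walks the subjects linked to AdminUsersPSO and reports each user's resultant policy. It assumes the AdminUsersPSO policy from this article already exists; the report column names (LinkedVia, EffectivePSO, AsExpected) are chosen here for illustration.

```powershell
# Added example: report which password policy is really in force for every
# subject linked to AdminUsersPSO.
Import-Module ActiveDirectory

$policyName = 'AdminUsersPSO'   # policy name used in this article
$pso = Get-ADFineGrainedPasswordPolicy -Identity $policyName -Properties AppliesTo

$report = foreach ($dn in $pso.AppliesTo) {
    $subject = Get-ADObject -Identity $dn

    if ($subject.ObjectClass -eq 'group') {
        $group = Get-ADGroup -Identity $dn
        # Fine-grained policies take effect only through global security groups
        if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
            Write-Warning "$($group.Name) is $($group.GroupScope)/$($group.GroupCategory); the policy will not reach its members."
            continue
        }
        # Direct user members only; nested groups are not expanded here
        $users = Get-ADGroupMember -Identity $group |
            Where-Object { $_.objectClass -eq 'user' }
    }
    else {
        $users = Get-ADUser -Identity $dn
    }

    foreach ($user in $users) {
        # Returns nothing when no fine-grained policy applies
        # (the default domain policy is then in force)
        $effective = Get-ADUserResultantPasswordPolicy -Identity $user.SamAccountName
        [pscustomobject]@{
            User         = $user.SamAccountName
            LinkedVia    = $subject.Name
            EffectivePSO = if ($effective) { $effective.Name } else { '(default domain policy)' }
            Precedence   = $effective.Precedence
            AsExpected   = ($effective.Name -eq $policyName)
        }
    }
}

$report | Sort-Object User | Format-Table -AutoSize
```

A row with AsExpected set to False means another fine-grained policy outranks AdminUsersPSO for that user, or that no fine-grained policy reaches the account at all.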