Create Fine Grained Password Policy using Powershell Script
We can use the PowerShell cmdlet New-ADFineGrainedPasswordPolicy to create a new custom Active Directory password policy. Follow the steps below to run the PowerShell script, which creates a new fine-grained password policy named AdminUsersPSO.
1. Copy the PowerShell script below and paste it into a Notepad file.
2. Change the policy name AdminUsersPSO to the name of the password policy you want to create.
4. Save the Notepad file with the extension .ps1, for example Create-Fine-Grained-PasswordPolicy.ps1.
PowerShell script file: Create-Fine-Grained-PasswordPolicy.ps1
# Load the Active Directory cmdlets (RSAT / AD DS tools).
Import-Module ActiveDirectory

# Create the password settings object (PSO). Time spans use the d.hh:mm:ss format.
New-ADFineGrainedPasswordPolicy -Name "AdminUsersPSO" `
    -Precedence 500 `
    -ComplexityEnabled $true `
    -Description "The Admin Users Password Policy" `
    -DisplayName "Admin Users PSO" `
    -LockoutDuration "0.14:00:00" `
    -LockoutObservationWindow "0.00:15:00" `
    -LockoutThreshold 10 `
    -MaxPasswordAge "45.00:00:00" `
    -MinPasswordAge "1.00:00:00" `
    -MinPasswordLength 8 `
    -PasswordHistoryCount 24 `
    -ReversibleEncryptionEnabled $false

Write-Host "----New Password Policy 'AdminUsersPSO' created----"
5. Now run Create-Fine-Grained-PasswordPolicy.ps1 in the PowerShell console to create the new custom password policy.
Apply Fine Grained Password Policy to Group and Users using Powershell Script
You can use the PowerShell cmdlet Add-ADFineGrainedPasswordPolicySubject to apply a fine-grained password policy to one or more global security groups and users.
Use the command below to apply the fine-grained password policy AdminUsersPSO to the group Administrators:
Add-ADFineGrainedPasswordPolicySubject AdminUsersPSO -Subjects 'Administrators'
Apply the custom password policy AdminUsersPSO to the users Admin and MorganTest:
Add-ADFineGrainedPasswordPolicySubject AdminUsersPSO -Subjects Admin,MorganTest
Find all the groups and users to which the fine-grained password policy AdminUsersPSO applies:
Get-ADFineGrainedPasswordPolicy AdminUsersPSO | Format-Table AppliesTo -AutoSize
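A pre-check and verification pass for the steps above, as an added example that is not part of the original page: it links AdminUsersPSO only to subjects that are users or global security groups, then reports the policy that actually takes effect for each user. The policy and subject names are the ones used on this page; the ActiveDirectory module and rights to modify the PSO are assumed.

```powershell
# Added example, not the page's own script.
Import-Module ActiveDirectory

$PolicyName = 'AdminUsersPSO'                            # PSO created by the script above
$Subjects   = 'Administrators', 'Admin', 'MorganTest'    # subjects used on this page

foreach ($name in $Subjects) {
    $obj = Get-ADObject -Filter "sAMAccountName -eq '$name'"
    if (-not $obj) {
        Write-Warning "Subject '$name' was not found in the directory."
        continue
    }

    if ($obj.ObjectClass -eq 'group') {
        # A PSO linked to anything other than a global security group is ignored
        # when the resultant policy is computed. The built-in Administrators group
        # has domain local scope, so it is reported here rather than linked.
        $group = Get-ADGroup -Identity $obj.DistinguishedName
        if ($group.GroupCategory -ne 'Security' -or $group.GroupScope -ne 'Global') {
            Write-Warning "Group '$name' is $($group.GroupScope)/$($group.GroupCategory); skipping."
            continue
        }
    }
    elseif ($obj.ObjectClass -ne 'user') {
        Write-Warning "Subject '$name' has object class '$($obj.ObjectClass)'; skipping."
        continue
    }

    Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $obj.DistinguishedName
}

# Confirm which policy wins for each user. Get-ADUserResultantPasswordPolicy returns
# nothing when no PSO applies, in which case the default domain policy is in force.
foreach ($user in 'Admin', 'MorganTest') {
    $effective = Get-ADUserResultantPasswordPolicy -Identity $user
    [pscustomobject]@{
        User            = $user
        EffectivePolicy = if ($effective) { $effective.Name } else { 'Default Domain Policy' }
        Precedence      = $effective.Precedence
        MinLength       = $effective.MinPasswordLength
    }
}
```

When several PSOs reach the same user, the one with the lowest Precedence value wins, and a PSO linked directly to the user takes priority over one inherited through a group.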