Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 617
  • Last Modified:

domain password policy

Is there anyway in ADUC console to view  the default domain password policy settings around length, lockout, expiry days etc? I am new to ADUC and cant see where the actual parameter settings are stored?
0
pma111
Asked:
pma111
  • 2
  • 2
  • 2
  • +1
3 Solutions
 
AstropathCommented:
Hi,

this might answer your question:

http://technet.microsoft.com/en-us/library/cc781159%28WS.10%29.aspx

Basically those settings are in the group policy, either for the domain or for the OU the object is in.
0
 
KCTSCommented:
You can only have one password policy per domain - its set at the domain level

Open Group Policy Management console from Administrative tools
Expand the tree, expanf domains and expanf your domain by clicking the [+] symbols
Right Click Default Domain Policy and select EDIT
Navigate to
Computer Configuration -> Windows Settings->Security Settings->Account Policies and double click Password Policy
0
 
AstropathCommented:
And the exact options you seek are under Computer Config / Windows Settings / Security Settings / Account Policies:

Password Policy
Account Lockout Policy

regards,

A.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
pma111Author Commented:
I dont have group policy management console so I was hoping for an alternative way to do it

gpresult used to work but now it just seems to list the policy name as opposed to the actual settings
0
 
Justin OwensITIL Problem ManagerCommented:
You don't have to have the GPMC to view Group Policy.  You can view the properties of any OU from the ADUC console and see a tab for "Group Policy".  If you click "Edit", it will give the ability to view the GPO selected.

I strongly recommend you install the GPMC, though, if you want to do this.  It is a standard administrative tool.

DrUltima
0
 
pma111Author Commented:
thanks will try that. is there a switch required on the gpresult command to view the actual parameter settings for the domain password policy. gpresult itself just lists the policy names, I wasnt sure if an /a switch or similar would show the actual parameter values around length, expiry, lockout etc
0
 
Justin OwensITIL Problem ManagerCommented:
Yes and No... GPRESULT has a verbose mode and a super verbose mode, but those are relatively huge and not very friendly output.  You are better off using either GPMC or RSoP.

DrUltima
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now