Link to home
Create AccountLog in
Avatar of djpierce54
djpierce54Flag for United States of America

asked on

Using Fine Grained policy in Server 2008 R2

I currently have a group policy for my domain to force users to change their password every 90 days.  I need to override that policy for one user and have the password expiration set to 120 days.
I setup the fine grained password polocy and I verified that it is defined for that user by doing the Get-ADFineGrainedPasswordPolicy cmdlet.
I assume it overrides my standard group policy but I wanted to know if there is a cmdlet that will list all the password policies for all users in the domain.
Of course I want to be able to go down the list and find that one user with the new overriding policy.  Really do not want to wait until the expiration date.  I tried just using the cmdlet (C1) to see how many days until that account expires. It stated 83 days.  I then went back and updated the finegrained policy by increasing to 122 days.  Then went back and ran the C1 cmdlet  and the value was 83 instead of 85. This is the C1 cmdlet:
 (([datetime]::FromFileTime((Get-ADUser -Identity Bill -Properties "msDS-UserPasswordExpiryTimeComputed")."msDS-UserPasswordExpiryTimeComputed"))-(Get-Date)).Days.

Suggestions to confirm that finegrained will override standard group policy?
ASKER CERTIFIED SOLUTION
Avatar of Sarang Tinguria
Sarang Tinguria
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.