My organization would like to implement Fine Grained Password Policy on its Domain Controllers. I recently ran the command New-ADFineGrainedPasswordPolicy in the Active Directory Powershell application. I received an error that I don't understand, and I can't find any explanation for it in the ADFineGrainedPasswordPolicy help. The error is
New-ADFineGrainedPasswordPolicy : The modification was not permitted for security reasons
At line:1 char:1
+ New-ADFineGrainedPasswordPolicy -Name "TestUsersOU_PSO" -Precedence 500 -Complex ...
+ CategoryInfo : NotSpecified: (CN=TestUsersOU_...abacares,DC=org:String) [New-ADFineGrainedPasswordPolicy], ADException
+ FullyQualifiedErrorId : The modification was not permitted for security reasons, Microsoft.ActiveDirectory.Management.Commands.NewADFineGrainedPasswordPolicy
This error makes me think that I need to check on prerequisites, but I don't know what they are or how to verify their status?