Get-ADUserResultantPasswordPolicy - Seems to run but returns no results and no errors

Posted on 2016-08-30
Medium Priority
Last Modified: 2016-09-18
Im running whilst logged in as a domain admin. Any ideas?

Windows Server 2012
Active Directory
Question by:Dallas Smetter
  • 2

Expert Comment

ID: 41776655
Is your domain functional level less than DS_BEHAVIOR_WIN2008? This may be the case. Other reasons for no return values can be found here.

Author Comment

by:Dallas Smetter
ID: 41776657
Both forest and domain are at 2008 R2
LVL 44

Accepted Solution

Adam Brown earned 2000 total points (awarded by participants)
ID: 41777082
Get-ADUserResultantPasswordPolicy  will return nothing if there is no Password Settings Object that applies to the user you run the cmdlet against. It will basically just query the msds-ResultantPSO attribute for any user you pass to the cmdlet and read the password settings for the referenced PSO. If no PSO is assigned to the user, this attribute doesn't exist for the user and can't be read, so the cmdlet returns nothing.
LVL 44

Expert Comment

by:Adam Brown
ID: 41803582
No response from user, but this is the most likely cause of the problem

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question