I've ran ad powershell cmds to get a the defaultpasswordpolicy and finegrainedpasswordpolicy settings. I noticed 3 fine grained password policy settings had been set which are more secure than the defaultpasswordpolicy. I know you can return what groups and AD is member of by powershell, but wasnt sure if you can also return a report of which domain policies they are subject to also, which may help for this task.
What I need is a command or way to reports which AD accounts are subject to which password policy, e.g. default domain password policy, or any of the fine grained password policies. The powershell cmd used to get all policy settings, does contain and "applies to" column. Does that mean default domain password policy would apply to every AD user outside of those specifically listed in the applies to column of finegranedpasswordpolicy settings, who would then be subject to the finegrainedpasswordpolicies?
for info - these were the commands used
Get-ADFineGrainedPasswordPolicy -Filter *