asked on
Sanity Check: How To Tell What Password Policy is being Used by Active Directory
I would like to know what the current Password Policy for Active Directory is because I have inherited some information that is conflicting.
When I run this Powershell command on a Server connected to the Network:
The previous Devs left a Scheduled Task that reminds users to change their password every 76, 83 and 89 days. This uses a. DSGet Powershell command and implies that passwords last longer than 42 days!
Could there be fine-grained passwords in a level above this? Or does the Powershell command "Get-ADDefaultDomainPasswordPolicy" show what is being applied?
Thanks for the Friday Afternoon sanity check.
When I run this Powershell command on a Server connected to the Network:
Get-ADDefaultDomainPasswordPolicy
ComplexityEnabled : True
DistinguishedName : DC=company,DC=com
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 0
MaxPasswordAge : 42.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 7
objectClass : {domainDNS}
objectGuid : d90d-45e9-8f3e
PasswordHistoryCount : 24
ReversibleEncryptionEnabled : False
The previous Devs left a Scheduled Task that reminds users to change their password every 76, 83 and 89 days. This uses a. DSGet Powershell command and implies that passwords last longer than 42 days!
Could there be fine-grained passwords in a level above this? Or does the Powershell command "Get-ADDefaultDomainPasswordPolicy" show what is being applied?
Thanks for the Friday Afternoon sanity check.
PowershellActive Directory
Last Comment
Pau Lo