asked on
Fine Grained Password Policies, is it working?
I setup AD for Fine Grained Password Policies in a Windows Server 2016.
I am testing with a test user. But when I used PowerShell "Get-ADUserResultantPasswordPolicy test"or CMD "net account" I got different results.
Why I got different results? What policy apply?
PowerShell
AppliesTo : {CN=Password Staff,OU=Password Policies,OU=MyDomain Groups,OU=MyDomain ,DC=MyDomain ,DC=com}
ComplexityEnabled : True
DistinguishedName : CN=StaffPSO,CN=Password Settings Container,CN=System,DC=MyDomain ,DC=com
LockoutDuration : 12:00:00
LockoutObservationWindow : 00:15:00
LockoutThreshold : 10
MaxPasswordAge : 72.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 10
Name : StaffPSO
ObjectClass : msDS-PasswordSettings
ObjectGUID : b26cf7e3-5f05-4769-bf78-4a81851d2c1a
PasswordHistoryCount : 24
Precedence : 400
ReversibleEncryptionEnabled : False
Net Account
ComplexityEnabled : False
DistinguishedName : DC=MyDomain,DC=com
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 0
MaxPasswordAge : 90.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 5
objectClass : {domainDNS}
objectGuid : 641f3156-075d-4ef9-b520-a8e71d7a041d
PasswordHistoryCount : 1
ReversibleEncryptionEnabled : False
I am testing with a test user. But when I used PowerShell "Get-ADUserResultantPasswordPolicy test"or CMD "net account" I got different results.
Why I got different results? What policy apply?
PowerShell
AppliesTo : {CN=Password Staff,OU=Password Policies,OU=MyDomain Groups,OU=MyDomain ,DC=MyDomain ,DC=com}
ComplexityEnabled : True
DistinguishedName : CN=StaffPSO,CN=Password Settings Container,CN=System,DC=MyDomain ,DC=com
LockoutDuration : 12:00:00
LockoutObservationWindow : 00:15:00
LockoutThreshold : 10
MaxPasswordAge : 72.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 10
Name : StaffPSO
ObjectClass : msDS-PasswordSettings
ObjectGUID : b26cf7e3-5f05-4769-bf78-4a81851d2c1a
PasswordHistoryCount : 24
Precedence : 400
ReversibleEncryptionEnabled : False
Net Account
ComplexityEnabled : False
DistinguishedName : DC=MyDomain,DC=com
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 0
MaxPasswordAge : 90.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 5
objectClass : {domainDNS}
objectGuid : 641f3156-075d-4ef9-b520-a8e71d7a041d
PasswordHistoryCount : 1
ReversibleEncryptionEnabled : False
Windows Server 2016Active DirectoryWindows 10Azure
Last Comment
McKnife