Link to home
Create AccountLog in
Avatar of Pau Lo
Pau Lo

asked on

fine grained password policy to users merge

is there any clever way within PowerShell to report for each fine grained password policy set in a domain, which user accounts are subject to it? Or if not within PowerShell, an alternative method to get a friendly user report of policy to users.
Avatar of oBdA
oBdA

There's Get-ADFineGrainedPasswordPolicy -Filter *, which will return all FGPP in the domain; the property AppliesTo will contain a list of DistinguishedNames of objects to which the FGPP will apply.
For details about the AppliesTo, you can use Get-ADFineGrainedPasswordPolicySubject.
So what do you understand under "friendly user report"? Do you just want the FGPP name and associated objects, or details about the respective FGPP as well? Do you want the objects as a list in a single cell, or a separate row for each object to which a FGPP applies?
In other words: which properties of the results you get from the commands above do you need in the report?
Avatar of Pau Lo

ASKER

Just really the SamAccountName and CN for users subject to each FGPP. I will take a look at the standard output of the command you provided.
ASKER CERTIFIED SOLUTION
Avatar of Shabarinath TR
Shabarinath TR
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
EXPERT CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of Pau Lo

ASKER

that works perfectly, and yes the the policies were assigned to groups not directly to user accounts.