Oh goody! Things got easier again thanks to PowerShell 🙂
Do you need to fiddle with the Password Policy on the Domain? Or do you deploy domains on a regular basis in the field?
If you have Server 2008 R2 in the back end with the new Active Directory module, there is now a COMMAND to edit it.
You can still use Group Policy but isn’t it nice to just “Call it up and Change it?”
With the ActiveDirectory module you have two beautiful new commands:
Get-ADDefaultDomainPasswordPolicy and Set-ADDefaultDomainPasswordPolicy
Running “Get-ADDefaultDomainPasswordPolicy” (as the name suggests) will show you the present configuration of the password policy, like so:
PS C:\> Get-ADDefaultDomainPasswordPolicy
ComplexityEnabled : True
DistinguishedName : DC=Contoso,DC=local
LockoutDuration : 00:90:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 2
MaxPasswordAge : 10.00:00:00
MinPasswordAge : 5.00:00:00
MinPasswordLength : 17
objectClass : {domainDNS}
objectGuid : 12345678-1234-1234-1234-123456789012
PasswordHistoryCount : 140
ReversibleEncryptionEnabled : True
As we can see from this policy, we have a real BOFH on our hands running the network, with a history of 150 different passwords, 17-character minimums, and lockouts after 2 attempts!
Which is why he was fired, and now your job is to fix this quickly, since every user is outside your office with burning torches to take out the IT Department!
But since YOU know PowerShell and have Server 2008 R2 in the back end, this is not a problem. Grab the configuration and store it…
$MESSYPOLICY=Get-ADDefaultDomainPasswordPolicy
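…and then just set the options you want, the way you want them
# Set-ADDefaultDomainPasswordPolicy has no -Instance parameter, so the new values
# are passed as parameters; the stored object only identifies the domain.
Set-ADDefaultDomainPasswordPolicy -Identity $MESSYPOLICY `
    -ComplexityEnabled $True `
    -LockoutThreshold 10 `
    -MinPasswordLength 8 `
    -PasswordHistoryCount 10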
There! With just a few easy-to-type settings you have held back the masses! A more reasonable lockout of 10 attempts, an 8-character password length and only 10 remembered!
Your life saved, all thanks to PowerShell and Server 2008 R2!
Sean
The Energized Tech
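An added example, not part of the original post: a drift check that compares the policy against a baseline and changes only the settings that differ, previewing the change with -WhatIf. The baseline is the post's target values plus ReversibleEncryptionEnabled = $false, which is an assumption (the sample output shows it as True); Get-PolicyDrift and $Baseline are hypothetical names.

```powershell
# Added example, written to run on PowerShell 2.0 (Server 2008 R2) and later.
# Baseline: the post's target values, plus ReversibleEncryptionEnabled (assumption).
$Baseline = @{
    ComplexityEnabled           = $true
    LockoutThreshold            = 10
    MinPasswordLength           = 8
    PasswordHistoryCount        = 10
    ReversibleEncryptionEnabled = $false   # assumption, not set in the post
}

# Hypothetical helper: returns one row per setting that differs from the baseline.
function Get-PolicyDrift {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [Parameter(Mandatory = $true)] [hashtable] $Baseline
    )
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        if ($Policy.$name -ne $Baseline[$name]) {
            New-Object PSObject -Property @{
                Setting = $name; Current = $Policy.$name; Desired = $Baseline[$name]
            } | Select-Object Setting, Current, Desired
        }
    }
}

# Constructed sample mirroring the Get-ADDefaultDomainPasswordPolicy output above.
$sample = New-Object PSObject -Property @{
    ComplexityEnabled = $true; LockoutThreshold = 2; MinPasswordLength = 17
    PasswordHistoryCount = 140; ReversibleEncryptionEnabled = $true
}
Get-PolicyDrift -Policy $sample -Baseline $Baseline | Format-Table -AutoSize

# Live domain: runs only where the ActiveDirectory module is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $current = Get-ADDefaultDomainPasswordPolicy
    $changes = @{}
    foreach ($d in @(Get-PolicyDrift -Policy $current -Baseline $Baseline)) {
        $changes[$d.Setting] = $d.Desired
    }
    if ($changes.Count -gt 0) {
        # -WhatIf previews the change; remove it to apply.
        Set-ADDefaultDomainPasswordPolicy -Identity $current @changes -WhatIf
    }
}
```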