Hello,
Thanks to Active Directory PowerShell module, you can easily create a Password Setting Object :
New-ADFineGrainedPasswordPolicy
If you look carefully, you’ll notice that you can create the PSO, but not set where to apply it. For that, you need a second cmdlet :
Set-ADFineGrainedPasswordPolicy
Set-ADFineGrainedPasswordPolicy -Identity ‘NeverExpire’ -Replace @{‘msDS-PSOAppliesTo’=’CN=PSO_NeverExpire,OU=Groups,DC=ad,DC=itfordummies,DC=net’}
Edit : You can also use the Add-ADFineGrainedPasswordPolicySubject cmdlet.