Create and apply a PSO with PowerShell

Hello,

Thanks to Active Directory PowerShell module, you can easily create a Password Setting Object :

New-ADFineGrainedPasswordPolicy

If you look carefully, you’ll notice that you can create the PSO, but not set where to apply it. For that, you need a second cmdlet :

Set-ADFineGrainedPasswordPolicy

Set-ADFineGrainedPasswordPolicy -Identity ‘NeverExpire’ -Replace @{‘msDS-PSOAppliesTo’=’CN=PSO_NeverExpire,OU=Groups,DC=ad,DC=itfordummies,DC=net’}

Set-ADFineGrainedPAsswordPolicy

Edit : You can also use the Add-ADFineGrainedPasswordPolicySubject cmdlet.

 

Leave a Reply