Create and apply a PSO with PowerShell


Thanks to Active Directory PowerShell module, you can easily create a Password Setting Object :


If you look carefully, you’ll notice that you can create the PSO, but not set where to apply it. For that, you need a second cmdlet :


Set-ADFineGrainedPasswordPolicy -Identity ‘NeverExpire’ -Replace @{‘msDS-PSOAppliesTo’=’CN=PSO_NeverExpire,OU=Groups,DC=ad,DC=itfordummies,DC=net’}


Edit : You can also use the Add-ADFineGrainedPasswordPolicySubject cmdlet.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.