Proficient in PowerShell of Windows Server 2008 Multi-meta password policy

Objective

In the last two articles, "Proficient in Windows Server 2008 Multi-meta password policy ADSIEdit" and "proficient in the Windows Server 2008 Multi-meta password Policy ldifde" I have introduced how to use ADSIEdit tools, Active Directory user and computer snap-in and LDIFDE command line tools Create, Manage password Settings object PSO. In this article, I will show you how to implement and manage the multiple password policy using the PowerShell of AD management produced by Quese company.

By convention, in order for everyone to have a clear idea in the operation, I will write out the main steps:

Step 1: Create a PSO

Step 2: Apply PSO to User and/or global security groups

Step 3: Manage the PSO

Step 4: View the results of a user or global security group PSO

Step 5: Verify the results

Note: Because of versatility and repeatability, some steps are not necessarily demonstrated, please refer to the previous article.

Actual combat

Ⅲ. PowerShell

Step 1: Create a PSO

1.

A little more preparation is needed before the formal start. Make sure that the 2008 server adds the Windows Power Shell feature. Also, please download the PowerShell Management Pack and install it on the Quest website. Http://www.quest.com/powershell/activeroles-server.aspx. If you do not bother to find, then you can download from the following address, but I do not guarantee that this address will not be invalidated or a new version of the launch has not been updated:

32-bit:

Http://www.quest.com/Quest_Download_Assets/individual_components/ManagementShellforActiveDirectory32bit_11.msi

64-bit:

Http://www.quest.com/Quest_Download_Assets/individual_components/ManagementShellforActiveDirectory64bit_11.msi

2.

Locate and open the installed Activeroles Management Shell for Active Directory in all programs.

3.

Enter the following cmdlet to create a PSO, as shown in Figure 1. Once created, you can use Get-qadpasswordsettingsobject to view the PSO in the current AD.

New-qadpasswordsettingsobject

-name ' Adminpso '-precedence 1

-reversibleencryptionenabled: $FALSE

-passwordhistorylength 3

-passwordcomplexityenabled: $TRUE

-minimumpasswordlength 16

-minimumpasswordage (new-timespan-days-0)

-maximumpasswordage (NEW-TIMESPAN-DAYS-14)

-lockoutthreshold 3

-resetlockoutcounterafter (new-timespan-days-0-hour-0-minute-30)

-lockoutduration (new-timespan-days-0-hour-0-minute-30)

-appliesto Winos\psogroup

Figure 1

4.

You can use the Get-qadpasswordsettingsobject cmdlet to view the currently existing PSO. As shown in Figure 2.

Figure 2