Proficient in PowerShell of Windows Server 2008 Multi-meta password policy

Source: Internet
Author: User
Tags command line

Objective

In the last two articles, "Proficient in Windows Server 2008 Multi-meta password policy ADSIEdit" and "proficient in the Windows Server 2008 Multi-meta password Policy ldifde" I have introduced how to use ADSIEdit tools, Active Directory user and computer snap-in and LDIFDE command line tools Create, Manage password Settings object PSO. In this article, I will show you how to implement and manage the multiple password policy using the PowerShell of AD management produced by Quese company.

By convention, in order for everyone to have a clear idea in the operation, I will write out the main steps:

Step 1: Create a PSO

Step 2: Apply PSO to User and/or global security groups

Step 3: Manage the PSO

Step 4: View the results of a user or global security group PSO

Step 5: Verify the results

Note: Because of versatility and repeatability, some steps are not necessarily demonstrated, please refer to the previous article.

Actual combat

Ⅲ. PowerShell

Step 1: Create a PSO

1.

A little more preparation is needed before the formal start. Make sure that the 2008 server adds the Windows Power Shell feature. Also, please download the PowerShell Management Pack and install it on the Quest website. Http://www.quest.com/powershell/activeroles-server.aspx. If you do not bother to find, then you can download from the following address, but I do not guarantee that this address will not be invalidated or a new version of the launch has not been updated:

32-bit:

Http://www.quest.com/Quest_Download_Assets/individual_components/ManagementShellforActiveDirectory32bit_11.msi

64-bit:

Http://www.quest.com/Quest_Download_Assets/individual_components/ManagementShellforActiveDirectory64bit_11.msi

2.

Locate and open the installed Activeroles Management Shell for Active Directory in all programs.

3.

Enter the following cmdlet to create a PSO, as shown in Figure 1. Once created, you can use Get-qadpasswordsettingsobject to view the PSO in the current AD.

New-qadpasswordsettingsobject

-name ' Adminpso '-precedence 1

-reversibleencryptionenabled: $FALSE

-passwordhistorylength 3

-passwordcomplexityenabled: $TRUE

-minimumpasswordlength 16

-minimumpasswordage (new-timespan-days-0)

-maximumpasswordage (NEW-TIMESPAN-DAYS-14)

-lockoutthreshold 3

-resetlockoutcounterafter (new-timespan-days-0-hour-0-minute-30)

-lockoutduration (new-timespan-days-0-hour-0-minute-30)

-appliesto Winos\psogroup

Figure 1

4.

You can use the Get-qadpasswordsettingsobject cmdlet to view the currently existing PSO. As shown in Figure 2.

Figure 2

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.