PowerShell Logo Small

Get-ADFineGrainedPasswordPolicy



This is the built-in help made by Microsoft for the command 'Get-ADFineGrainedPasswordPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Gets one or more Active Directory fine-grained password policies.

SYNTAX


Get-ADFineGrainedPasswordPolicy [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>]
[-SearchBase <String>] [-SearchScope {Base | OneLevel | Subtree}] [-Server <String>] -Filter <String> [<CommonParameters>]
Get-ADFineGrainedPasswordPolicy [-Identity] <ADFineGrainedPasswordPolicy> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-Server
<String>] [<CommonParameters>]
Get-ADFineGrainedPasswordPolicy [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>]
[-SearchBase <String>] [-SearchScope {Base | OneLevel | Subtree}] [-Server <String>] -LDAPFilter <String> [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Get-ADFineGrainedPasswordPolicy cmdlet gets a fine-grained password policy or performs a search to retrieve multiple fine-grained password policies.


The Identity parameter specifies the Active Directory fine-grained password policy to get. You can identify a fine-grained password policy by its distinguished name (DN),
GUID or name. You can also set the parameter to a fine-grained password policy object variable, such as $<localFineGrainedPasswordPolicyObject> or pass a fine-grained
password policy object through the pipeline operator to the Identity parameter.


To search for and retrieve more than one fine-grained password policies, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression
Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter
parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the
LDAPFilter parameter.


This cmdlet retrieves a default set of fine-grained password policy object properties. To retrieve additional properties use the Properties parameter. For more information
about the how to determine the properties for FineGrainedPasswordPolicy objects, see the Properties parameter description.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291029
Add-ADFineGrainedPasswordPolicySubject
New-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolicySubject
Set-ADFineGrainedPasswordPolicy

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Get-ADFineGrainedPasswordPolicy -Filter {Name -like "*"} | ft Name, Precedence,MaxPasswordAge,MinPasswordLength -A
Name Precedence MaxPasswordAge MinPasswordLength
---- ---------- -------------- -----------------
DomainUsersPSO 500 60.00:00:00 8
SvcAccPSO 100 30.00:00:00 20
AdminsPSO 200 15.00:00:00 10
DlgtdAdminsPSO 300 20.00:00:00 10



Description

-----------




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADFineGrainedPasswordPolicy -Identity AdminsPSO
Name : AdminsPSO
ComplexityEnabled : True
LockoutThreshold : 0
ReversibleEncryptionEnabled : True
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
MinPasswordLength : 10
Precedence : 200
ObjectGUID : ba1061f0-c947-4018-a399-6ad8897d26e3
ObjectClass : msDS-PasswordSettings
PasswordHistoryCount : 24
MinPasswordAge : 1.00:00:00
MaxPasswordAge : 15.00:00:00
AppliesTo : {}
DistinguishedName : CN=AdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM



This command gets the Fine Grained Password Policy named AdminsPSO.




-------------------------- EXAMPLE 3 --------------------------

PS C:\>Get-ADFineGrainedPasswordPolicy -Identity 'CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM' -Properties *
msDS-LockoutDuration : -18000000000
msDS-PasswordSettingsPrecedence : 300
ObjectCategory : CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,DC=FABRIKAM,DC=COM
DistinguishedName : CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM
ExpireOn :
msDS-MinimumPasswordAge : -864000000000
dSCorePropagationData : {12/31/1600 4:00:00 PM}
msDS-LockoutThreshold : 0
Description : The Delegated Administrators Password Policy
LockoutThreshold : 0
instanceType : 4
msDS-PasswordComplexityEnabled : True
MaxPasswordAge : 20.00:00:00
whenCreated : 8/15/2008 12:47:43 AM
Name : DlgtdAdminsPSO
ObjectClass : msDS-PasswordSettings
ReversibleEncryptionEnabled : True
msDS-PasswordReversibleEncryptionEnabled : True
Dynamic : False
LockoutDuration : 00:30:00
msDS-PSOAppliesTo : {CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM, CN=Bob
Kelly,OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM}
DisplayName : Delegated Administrators PSO
uSNCreated : 16395
Modified : 8/20/2008 12:21:15 AM
MinPasswordAge : 1.00:00:00
ProtectedFromAccidentalDeletion : False
Created : 8/15/2008 12:47:43 AM
sDRightsEffective : 15
ComplexityEnabled : True
PasswordHistoryCount : 24
msDS-MaximumPasswordAge : -17280000000000
MinPasswordLength : 10
Precedence : 300
ObjectGUID : 75cf8c7a-9c93-4e81-b611-851803372cb2
msDS-MinimumPasswordLength : 10
Deleted :
Orphaned : False
CN : DlgtdAdminsPSO
LastKnownParent :
CanonicalName : FABRIKAM.COM/System/Password Settings Container/DlgtdAdminsPSO
modifyTimeStamp : 8/20/2008 12:21:15 AM
msDS-LockoutObservationWindow : -18000000000
LockoutObservationWindow : 00:30:00
whenChanged : 8/20/2008 12:21:15 AM
createTimeStamp : 8/15/2008 12:47:43 AM
msDS-PasswordHistoryLength : 24
nTSecurityDescriptor : System.DirectoryServices.ActiveDirectorySecurity
AppliesTo : {CN=JeffPrice,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM,
CN=GlenJohn,OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM}
uSNChanged : 72719



This command gets all the properties for the Fine Grained Password Policy with DistinguishedName CN=DlgtdAdminsPSO,CN=Password Settings
Container,CN=System,DC=FABRIKAM,DC=COM.




-------------------------- EXAMPLE 4 --------------------------

PS C:\>Get-ADFineGrainedPasswordPolicy -Filter {name -like "*admin*"}
AppliesTo : {CN=GlenJohn,CN=Users,DC=Fabrikam,DC=com, CN=JeffPrice,CN=Users,DC=Fabrikam,DC=com, CN=Administrator,CN=Users,DC=Fabrikam,DC=com}
ComplexityEnabled : True
DistinguishedName : CN=DlgtdAdminsPSO,CN=Password Settings Container,CN=System,DC=Fabrikam,DC=com
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 0
MaxPasswordAge : 42.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 7
Name : DlgtdAdminsPSO
ObjectClass : msDS-PasswordSettings
ObjectGUID : b7de4e6e-c291-4ce6-bb47-6bf8f807df53
PasswordHistoryCount : 24
Precedence : 100
ReversibleEncryptionEnabled : True



This command gets all the Fine Grained Password Policy objects that have a name that begins with admin.