PowerShell Logo Small

Set-ADDefaultDomainPasswordPolicy



This is the built-in help made by Microsoft for the command 'Set-ADDefaultDomainPasswordPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies the default password policy for an Active Directory domain.

SYNTAX


Set-ADDefaultDomainPasswordPolicy [-Identity] <ADDefaultDomainPasswordPolicy> [-AuthType {Negotiate | Basic}] [-ComplexityEnabled <Boolean>] [-Credential <PSCredential>]
[-LockoutDuration <TimeSpan>] [-LockoutObservationWindow <TimeSpan>] [-LockoutThreshold <Int32>] [-MaxPasswordAge <TimeSpan>] [-MinPasswordAge <TimeSpan>]
[-MinPasswordLength <Int32>] [-PassThru] [-PasswordHistoryCount <Int32>] [-ReversibleEncryptionEnabled <Boolean>] [-Server <String>] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADDefaultDomainPasswordPolicy cmdlet modifies the properties of the default password policy for a domain. You can modify property values by using the cmdlet
parameters.


The Identity parameter specifies the domain whose default password policy you want modify. You can identify a domain by its Distinguished Name (DN), GUID, Security
Identifier (SID), DNS domain name, or NETBIOS name. You can also set the parameter to an ADDomain object variable, or pass an ADDomain object through the pipeline to the
Identity parameter. For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline to the
Set-ADDefaultDomainPasswordPolicy cmdlet.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291115
Get-ADDefaultDomainPasswordPolicy

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Set-ADDefaultDomainPasswordPolicy -Identity fabrikam.com -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $True
-ReversibleEncryptionEnabled $False -MaxPasswordAge 10.00:00:00



This command sets the default domain password policy for a domain specified by using the Identity parameter. Note: setting MaxPwdAge to 0 will convert it to never, which is
Int64.MinValue or -9223372036854775808 in the directory.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser | Set-ADDefaultDomainPasswordPolicy -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00
-ComplexityEnabled $true -ReversibleEncryptionEnabled $false -MinPasswordLength 12



This command sets the default domain password policy for the current logged on user domain.