PowerShell Logo Small


This is the built-in help made by Microsoft for the command 'Set-ADDefaultDomainPasswordPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Modifies the default password policy for an Active Directory domain.


Set-ADDefaultDomainPasswordPolicy [-Identity] <ADDefaultDomainPasswordPolicy> [-AuthType {Negotiate | Basic}] [-ComplexityEnabled <Boolean>] [-Credential <PSCredential>]
[-LockoutDuration <TimeSpan>] [-LockoutObservationWindow <TimeSpan>] [-LockoutThreshold <Int32>] [-MaxPasswordAge <TimeSpan>] [-MinPasswordAge <TimeSpan>]
[-MinPasswordLength <Int32>] [-PassThru] [-PasswordHistoryCount <Int32>] [-ReversibleEncryptionEnabled <Boolean>] [-Server <String>] [-Confirm] [-WhatIf] [<CommonParameters>]

Search powershellhelp.space


The Set-ADDefaultDomainPasswordPolicy cmdlet modifies the properties of the default password policy for a domain. You can modify property values by using the cmdlet

The Identity parameter specifies the domain whose default password policy you want modify. You can identify a domain by its Distinguished Name (DN), GUID, Security
Identifier (SID), DNS domain name, or NETBIOS name. You can also set the parameter to an ADDomain object variable, or pass an ADDomain object through the pipeline to the
Identity parameter. For example, you can use the Get-ADDomain cmdlet to retrieve a domain object and then pass the object through the pipeline to the
Set-ADDefaultDomainPasswordPolicy cmdlet.



Online Version: http://go.microsoft.com/fwlink/p/?linkid=291115




-------------------------- EXAMPLE 1 --------------------------

PS C:\>Set-ADDefaultDomainPasswordPolicy -Identity fabrikam.com -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled $True
-ReversibleEncryptionEnabled $False -MaxPasswordAge 10.00:00:00

This command sets the default domain password policy for a domain specified by using the Identity parameter. Note: setting MaxPwdAge to 0 will convert it to never, which is
Int64.MinValue or -9223372036854775808 in the directory.

-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser | Set-ADDefaultDomainPasswordPolicy -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00
-ComplexityEnabled $true -ReversibleEncryptionEnabled $false -MinPasswordLength 12

This command sets the default domain password policy for the current logged on user domain.