PowerShell Logo Small

Set-ADFineGrainedPasswordPolicy



This is the built-in help made by Microsoft for the command 'Set-ADFineGrainedPasswordPolicy', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Modifies an Active Directory fine grained password policy.

SYNTAX


Set-ADFineGrainedPasswordPolicy [-Identity] <ADFineGrainedPasswordPolicy> [-Add <Hashtable>] [-AuthType <ADAuthType>] [-Clear <String[]>]
[-ComplexityEnabled <Boolean>] [-Credential <PSCredential>] [-Description <String>] [-DisplayName <String>] [-LockoutDuration <TimeSpan>]
[-LockoutObservationWindow <TimeSpan>] [-LockoutThreshold <Int32>] [-MaxPasswordAge <TimeSpan>] [-MinPasswordAge <TimeSpan>]
[-MinPasswordLength <Int32>] [-PassThru [<SwitchParameter>]] [-PasswordHistoryCount <Int32>] [-Precedence <Int32>]
[-ProtectedFromAccidentalDeletion <Boolean>] [-Remove <Hashtable>] [-Replace <Hashtable>] [-ReversibleEncryptionEnabled <Boolean>] [-Server
<String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
Set-ADFineGrainedPasswordPolicy [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-PassThru [<SwitchParameter>]] [-Server <String>]
-Instance <ADFineGrainedPasswordPolicy> [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADFineGrainedPasswordPolicy cmdlet modifies the properties of an Active Directory fine grained password policy. You can modify
commonly used property values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be modified
by using the Add, Replace, Clear and Remove parameters.


The Identity parameter specifies the Active Directory fine grained password policy to modify. You can identify a fine grained password policy
by its distinguished name (DN), GUID or name. You can also set the Identity parameter to an object variable such as
$<localFineGrainedPasswordPolicyObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use
the Get-ADFineGrainedPasswordPolicy cmdlet to retrieve a fine grained password policy object and then pass the object through the pipeline to
the Set-ADFineGrainedPasswordPolicy cmdlet.


The Instance parameter provides a way to update a fine grained password policy object by applying the changes made to a copy of the object.
When you set the Instance parameter to a copy of an Active Directory fine grained password policy object that has been modified, the
Set-ADFineGrainedPasswordPolicy cmdlet makes the same changes to the original fine grained password policy object. To get a copy of the object
to modify, use the Get-ADFineGrainedPasswordPolicy object. The Identity parameter is not allowed when you use the Instance parameter. For more
information about the Instance parameter, see the Instance parameter description. For more information about how the Instance concept is used
in Active Directory cmdlets, see about_ActiveDirectory_Instance


The following examples show how to modify the Precedence property of a fine grained password policy object by using three methods:


-By specifying the Identity and the Precedence parameters


-By passing a fine grained password policy object through the pipeline and specifying the Precedence parameter


-By specifying the Instance parameter.


Method 1: Modify the Precedence property for the Level3Policyfine grained password policy by using the Identity and Precedence parameters.


Set-ADFineGrainedPasswordPolicy -Identity "Level3Policy" -Precedence 150


Method 2: Modify the Precedence property for the Level3Policyfine grained password policy by passing the Level3Policyfine grained password
policy through the pipeline and specifying the Precedence parameter.


Get-ADFineGrainedPasswordPolicy -Identity "Level3Policy"| Set-ADFineGrainedPasswordPolicy -Precedence 150


Method 3: Modify the Precedence property for the Level3Policy fine grained password policy by using the Windows PowerShell command line to
modify a local instance of the Level3Policyfine grained password policy. Then set the Instance parameter to the local instance.


$fineGrainedPasswordPolicy = Get-ADFineGrainedPasswordPolicy Level3Policy


$fineGrainedPasswordPolicy.Precedence = 150


Set-ADFineGrainedPasswordPolicy -Instance $fineGrainedPasswordPolicy



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkID=219348
Get-ADFineGrainedPasswordPolicy
New-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolicy

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Set-ADFineGrainedPasswordPolicy MyPolicy -Precedence 100 -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled
$true -ReversibleEncryptionEnabled $false -MinPasswordLength 12



Description

-----------

Update the Precedence, LockoutDuration, LockoutObservationWindow, ComplexityEnabled, ReversibleEncryptionEnabled, and MinPasswordLength
properties on the FineGrainedPasswordPolicy object with name MyPolicy.




-------------------------- EXAMPLE 2 --------------------------

C:\PS>Set-ADFineGrainedPasswordPolicy 'CN=MyPolicy,CN=Password Settings Container,CN=System,DC=FABRIKAM,DC=COM' -MinPasswordLength 12



Description

-----------

Set the MinPasswordLength property on the FineGrainedPasswordPolicy object with DistinguishedName CN=MyPolicy,CN=Password Settings
Container,CN=System,DC=FABRIKAM,DC=COM.




-------------------------- EXAMPLE 3 --------------------------

C:\PS>$fgpp = Get-ADFineGrainedPasswordPolicy MyPolicy
$fgpp.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00")
$fgpp.LockoutThreshold = 10
$fgpp.MinPasswordLength = 8
$fgpp.PasswordHistoryCount = 24
Set-ADFineGrainedPasswordPolicy -Instance $fgpp



Description

-----------

Get the FineGrainedPasswordPolicy object with name MyPolicy, Update a set of properties on the object and then write the modifications back
to the directory using the instance parameter.