PowerShell Logo Small

New-ADFineGrainedPasswordPolicy



This is the built-in help made by Microsoft for the command 'New-ADFineGrainedPasswordPolicy', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a new Active Directory fine-grained password policy.

SYNTAX


New-ADFineGrainedPasswordPolicy [-Name] <String> [-Precedence] <Int32> [-AuthType {Negotiate | Basic}] [-ComplexityEnabled <Boolean>] [-Credential <PSCredential>]
[-Description <String>] [-DisplayName <String>] [-Instance <ADFineGrainedPasswordPolicy>] [-LockoutDuration <TimeSpan>] [-LockoutObservationWindow <TimeSpan>]
[-LockoutThreshold <Int32>] [-MaxPasswordAge <TimeSpan>] [-MinPasswordAge <TimeSpan>] [-MinPasswordLength <Int32>] [-OtherAttributes <Hashtable>] [-PassThru]
[-PasswordHistoryCount <Int32>] [-ProtectedFromAccidentalDeletion <Boolean>] [-ReversibleEncryptionEnabled <Boolean>] [-Server <String>] [-Confirm] [-WhatIf]
[<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The New-ADFineGrainedPasswordPolicy cmdlet creates a new Active Directory fine-grained password policy. You can set commonly used fine-grained password policy property
values by using the cmdlet parameters. Property values that are not associated with cmdlet parameters can be set by using the OtherAttributes parameter.


You must set the Name and Precedence parameters to create a new fine-grained password policy.


The following methods explain different ways to create an object by using this cmdlet.


Method 1: Use the New-ADFineGrainedPasswordPolicy cmdlet, specify the required parameters, and set any additional property values by using the cmdlet parameters.


Method 2: Use a template to create the new object. To do this, create a new fine-grained password policy object or retrieve a copy of an existing fine-grained password
policy object and set the Instance parameter to this object. The object provided to the Instance parameter is used as a template for the new object. You can override
property values from the template by setting cmdlet parameters. For examples and more information, see the Instance parameter description for this cmdlet.


Method 3: Use the Import-Csv cmdlet with the New-ADFineGrainedPasswordPolicy cmdlet to create multiple Active Directory fine-grained password policy objects. To do this, use
the Import-Csv cmdlet to create the custom objects from a comma-separated value (CSV) file that contains a list of object properties. Then pass these objects through the
pipeline operator to the New-ADFineGrainedPasswordPolicy cmdlet to create the fine-grained password policy objects.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291066
Get-ADFineGrainedPasswordPolicy
Remove-ADFineGrainedPasswordPolicy
Set-ADFineGrainedPasswordPolicy

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>New-ADFineGrainedPasswordPolicy -Name "DomainUsersPSO" -Precedence 500 -ComplexityEnabled $true -Description "The Domain Users Password Policy" -DisplayName "Domain
Users PSO" -LockoutDuration "0.12:00:00" -LockoutObservationWindow "0.00:15:00" -LockoutThreshold 10



This command creates a new Fine Grained Password Policy object named DomainUsersPSO and set the Precedence, ComplexityEnabled, Description, DisplayName, LockoutDuration,
LockoutObservationWindw, and LockoutThreshold properties on the object.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>$templatePSO = New-Object Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy
PS C:\> $templatePSO.ComplexityEnabled = $true
PS C:\> $templatePSO.LockoutDuration = [TimeSpan]::Parse("0.12:00:00")
PS C:\> $templatePSO.LockoutObservationWindow = [TimeSpan]::Parse("0.00:15:00")
PS C:\> $templatePSO.LockoutThreshold = 10
PS C:\> $templatePSO.MinPasswordAge = [TimeSpan]::Parse("0.00:10:00")
PS C:\> $templatePSO.PasswordHistoryCount = 24
PS C:\> $templatePSO.ReversibleEncryptionEnabled = $false
PS C:\> New-ADFineGrainedPasswordPolicy -Instance $templatePSO -Name "SvcAccPSO" -Precedence 100 -Description "The Service Accounts Password Policy" -DisplayName "Service
Accounts PSO" -MaxPasswordAge "30.00:00:00" -MinPasswordLength 20
PS C:\> New-ADFineGrainedPasswordPolicy -Instance $templatePSO -Name "AdminsPSO" -Precedence 200 -Description "The Domain Administrators Password Policy" -DisplayName
"Domain Administrators PSO" -MaxPasswordAge "15.00:00:00" -MinPasswordLength 10



This example creates two new Fine Grained Password Policy objects using a template object.