PowerShell Logo Small


This is the built-in help made by Microsoft for the command 'Set-ADDefaultDomainPasswordPolicy', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Modifies the default password policy for an Active Directory domain.


Set-ADDefaultDomainPasswordPolicy [-Identity] <ADDefaultDomainPasswordPolicy> [-AuthType <ADAuthType>] [-ComplexityEnabled <Boolean>]
[-Credential <PSCredential>] [-LockoutDuration <TimeSpan>] [-LockoutObservationWindow <TimeSpan>] [-LockoutThreshold <Int32>] [-MaxPasswordAge
<TimeSpan>] [-MinPasswordAge <TimeSpan>] [-MinPasswordLength <Int32>] [-PassThru [<SwitchParameter>]] [-PasswordHistoryCount <Int32>]
[-ReversibleEncryptionEnabled <Boolean>] [-Server <String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]

Search powershellhelp.space


The Set-ADDefaultDomainPasswordPolicy cmdlet modifies the properties of the default password policy for a domain. You can modify property
values by using the cmdlet parameters.

The Identity parameter specifies the domain whose default password policy you want modify. You can identify a domain by its Distinguished Name
(DN), GUID, Security Identifier (SID), DNS domain name, or NETBIOS name. You can also set the parameter to an ADDomain object variable, or
pass an ADDomain object through the pipeline to the Identity parameter. For example, you can use the Get-ADDomain cmdlet to retrieve a domain
object and then pass the object through the pipeline to the Set-ADDomainDefaultPasswordPolicy cmdlet.



Online Version: http://go.microsoft.com/fwlink/?LinkID=219358




-------------------------- EXAMPLE 1 --------------------------

C:\PS>Set-ADDefaultDomainPasswordPolicy -Identity fabrikam.com -LockoutDuration 00:40:00 -LockoutObservationWindow 00:20:00 -ComplexityEnabled
$true -ReversibleEncryptionEnabled $false -MaxPasswordAge 10.00:00:00



Set the default domain password policy for a given domain. Note: setting MaxPwdAge to 0 will convert it to 'never' (Int64.MinValue or
-9223372036854775808 in the directory).

-------------------------- EXAMPLE 2 --------------------------

C:\PS>Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser | Set-ADDefaultDomainPasswordPolicy -LockoutDuration 00:40:00
-LockoutObservationWindow 00:20:00 -ComplexityEnabled $true -ReversibleEncryptionEnabled $false -MinPasswordLength 12



Set the default domain password policy for the current logged on user domain.