Active Directory: Get-ADFineGrainedPasswordPolicy Default and Extended Properties
The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADFineGrainedPasswordPolicy cmdlet supports the default and extended properties listed in the following table.
Many can be assigned values with the Set-ADFineGrainedPasswordPolicy cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink.
| Property | Syntax | R/RW | lDAPDisplayName |
| AppliesTo | ADCollection | R/W | msDS-PSOAppliesTo |
| CanonicalName | String | R | canonicalName |
| CN | String | R | cn |
| ComplexityEnabled | Boolean | R/W | msDS-PasswordComplexityEnabled |
| Created | String | R | whenCreated |
| Deleted | String | R | isDeleted |
| Description | String | R/W | description |
| DisplayName | String | R/W | displayName |
| DistinguishedName | String (DN) | R | distinguishedName |
| LastKnownParent | String (DN) | R | lastKnownParent |
| LockoutDuration | TimeSpan | R/W | msDS-LockoutDuration |
| LockoutObservationWindow | TimeSpan | R/W | msDS-lockoutObservationWindow |
| LockoutThreshold | Integer | R/W | msDS-lockoutThreshold |
| MaxPasswordAge | TimeSpan | R/W | msDS-MaximumPasswordAge |
| MinPasswordAge | TimeSpan | R/W | msDS-MinimumPasswordAge |
| MinPasswordLength | Integer | R/W | msDS-MinimumPasswordLength |
| Modified | String | R | whenChanged |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectCategory | String | R | objectCategory |
| ObjectClass | String | R | objectClass, most specific value |
| ObjectGUID | Guid | R | objectGUID, converted to string |
| PasswordHistoryCount | Integer | R/W | msDS-PasswordHistoryLength |
| Precedence | Integer | R/W | msDS-PasswordSettingsPrecedence |
| ProtectedFromAccidentalDeletion | String | R/W | ntSecurityDescriptor |
| ReversibleEncryptionEnabled | Boolean | R/W | msDS-PasswordReverisbleEncryptionEnabled |
The attributes are those of the Password Setting Object (PSO). These are objects of class msDS-PasswordSettings, and are located in the container "cn=Password Setting Container,cn=System,dc=mydomain,dc=com", where the domain is mydomain.com.
See Also
- Active Directory: PowerShell AD Module Properties
- AD DS: Fine-Grained Password Policies
- How to Apply an AD DS Fine-Grained Password Policy on Users Under an Organizational Unit
- Active Directory Back to Basics–Password Policies
- PowerShell Portal
- Wiki: Active Directory Domain Services (AD DS) Portal
- Active Directory: Glossary
- Active Directory PowerShell Cmdlet Properties
- Wiki: Portal of TechNet Wiki Portals
Other Resources
- Get-ADFineGrainedPasswordPolicy
- Set-ADFineGrainedPasswordPolicy
- New-ADFineGrainedPasswordPolicy
- Remove-ADFineGrainedPasswordPolicy
- Get-ADUserResultantPasswordPolicy