Using PowerShell to get fine-grained password policy

Step 1: View all password policies in AD

Run the command below to list every fine-grained password policy defined in the domain.

Get-ADFineGrainedPasswordPolicy -Filter *

Step 2: Retrieve details of a specific policy

Check the settings for a specific policy. This script displays the password length, complexity, and lockout settings.

Get-ADFineGrainedPasswordPolicy -Identity "AdminsPolicy"

Step 3: Find users assigned to a policy

Check which users and groups a specific policy applies to. This command lists the users and groups affected by the policy.

Get-ADFineGrainedPasswordPolicySubject -Identity "AdminsPolicy"

Step 4: Assign or remove a user from a policy

To apply a policy to a new user, run the script below.

Add-ADFineGrainedPasswordPolicySubject -Identity "AdminsPolicy" -Subjects "JohnDoe"

To remove a user from a policy, run the script below.

Remove-ADFineGrainedPasswordPolicySubject -Identity "AdminsPolicy" -Subjects "JohnDoe"
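
The four steps above can be combined into one audit pass. The script below is an added example, not code from the original page: the function name Test-FgppPolicy, the 14-character baseline, and the sample policy objects are assumptions made for illustration. It reports each policy's precedence, how many users and groups it is linked to, and any setting weaker than the baseline.

```powershell
# Added example, not from the original page. Thresholds below are assumptions.
function Test-FgppPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Policy,
        [int] $MinLength = 14   # assumed baseline; replace with your own standard
    )
    process {
        # AppliesTo holds the DNs of the users and groups the policy is linked to
        $subjects = @($Policy.AppliesTo | Where-Object { $_ })
        $findings = @()
        if ($Policy.MinPasswordLength -lt $MinLength) {
            $findings += "MinPasswordLength $($Policy.MinPasswordLength) is below $MinLength"
        }
        if (-not $Policy.ComplexityEnabled)      { $findings += 'complexity disabled' }
        if ($Policy.ReversibleEncryptionEnabled) { $findings += 'reversible encryption enabled' }
        if ($Policy.LockoutThreshold -eq 0)      { $findings += 'lockout disabled (threshold 0)' }
        if ($subjects.Count -eq 0)               { $findings += 'not applied to any user or group' }

        [pscustomobject]@{
            Name       = $Policy.Name
            Precedence = $Policy.Precedence
            Subjects   = $subjects.Count
            Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

if (Get-Command Get-ADFineGrainedPasswordPolicy -ErrorAction SilentlyContinue) {
    # Live domain: requires the ActiveDirectory module and read access to the policies
    $policies = Get-ADFineGrainedPasswordPolicy -Filter *
} else {
    # Constructed sample objects so the function can be tried without a domain
    $policies = @(
        [pscustomobject]@{ Name = 'AdminsPolicy'; Precedence = 10; MinPasswordLength = 16
            ComplexityEnabled = $true; ReversibleEncryptionEnabled = $false
            LockoutThreshold = 5; AppliesTo = @('CN=JohnDoe,CN=Users,DC=example,DC=com') }
        [pscustomobject]@{ Name = 'LegacyAppPolicy'; Precedence = 20; MinPasswordLength = 8
            ComplexityEnabled = $false; ReversibleEncryptionEnabled = $false
            LockoutThreshold = 0; AppliesTo = @() }
    )
}

# Lowest Precedence value wins when several policies reach a user through groups
$policies | Sort-Object Precedence | Test-FgppPolicy | Format-Table -AutoSize -Wrap
```

To confirm which policy actually applies to a single account, Get-ADUserResultantPasswordPolicy -Identity with that account's name returns the resultant policy, or nothing when only the default domain policy applies.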

FAQs

1. How do I check if fine-grained password policies (FGPP) are enabled?

Run the command below. It returns every fine-grained password policy defined in the domain; no output means none have been created.

Get-ADFineGrainedPasswordPolicy -Filter *

2. How do I apply FGPP to a specific user?

Apply FGPP to a specific user by running the script below.

Add-ADFineGrainedPasswordPolicySubject -Identity "StrictPolicy" -Subjects "username"

3. Can FGPP override the domain’s default password policy?

Yes, FGPP takes priority for assigned users or groups.

 