How to: Managing fine-grained password policies via PowerShell

The PowerShell scripts given below can be used to manage the fine-grained password policy for an Active Directory domain. ADSelfService Plus, the Active Directory self-service password management and single sign-on solution, provides advanced password policy settings that can be applied for both on-premises and cloud applications. The following is a comparison between the PowerShell scripts used to manage fine-grained password policy settings and ADSelfService Plus:

With PowerShell

  • Create a new Active Directory fine-grained password policy
    New-ADFineGrainedPasswordPolicy
       [-WhatIf]
       [-Confirm]
       [-AuthType <ADAuthType>]
       [-ComplexityEnabled <Boolean>]
       [-Credential <PSCredential>]
       [-Description <String>]
       [-DisplayName <String>]
       [-Instance <ADFineGrainedPasswordPolicy>]
       [-LockoutDuration <TimeSpan>]
       [-LockoutObservationWindow <TimeSpan>]
       [-LockoutThreshold <Int32>]
       [-MaxPasswordAge <TimeSpan>]
       [-MinPasswordAge <TimeSpan>]
       [-MinPasswordLength <Int32>]
       [-Name] <String>
       [-OtherAttributes <Hashtable>]
       [-PassThru]
       [-PasswordHistoryCount <Int32>]
       [-Precedence] <Int32>
       [-ProtectedFromAccidentalDeletion <Boolean>]
       [-ReversibleEncryptionEnabled <Boolean>]
       [-Server <String>]
       [<CommonParameters>]
  • Perform a search to retrieve one or multiple fine-grained password policies.
    Get-ADFineGrainedPasswordPolicy
       [-AuthType <ADAuthType>]
       [-Credential <PSCredential>]
       [-Identity] <ADFineGrainedPasswordPolicy>
       [-Properties <String[]>]
       [-Server <String>]
       [<CommonParameters>]
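
The two cmdlets above used together, as an added example that is not part of the original page: it creates a stricter policy for privileged accounts, links it to a group, then audits every fine-grained policy in the domain for weak settings. The policy name, group name, user name and thresholds are assumptions, and it also uses Add-ADFineGrainedPasswordPolicySubject, Get-ADFineGrainedPasswordPolicySubject and Get-ADUserResultantPasswordPolicy from the same ActiveDirectory module.

```powershell
# Added example. Names and thresholds below are assumptions, not values from the page.
Import-Module ActiveDirectory

$policyName = 'PSO-PrivilegedAdmins'   # hypothetical policy name
$groupName  = 'Tier0-Admins'           # hypothetical global security group
$userName   = 'adm.jdoe'               # hypothetical member of that group

# Create the policy once. A policy has no effect until it is linked to
# users or global security groups, so link it in the same step.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'")) {
    $settings = @{
        Name                            = $policyName
        Precedence                      = 10   # lower value wins when several policies apply
        Description                     = 'Stricter policy for privileged accounts'
        MinPasswordLength               = 16
        ComplexityEnabled               = $true
        ReversibleEncryptionEnabled     = $false
        PasswordHistoryCount            = 24
        MinPasswordAge                  = New-TimeSpan -Days 1
        MaxPasswordAge                  = New-TimeSpan -Days 90
        LockoutThreshold                = 5
        LockoutObservationWindow        = New-TimeSpan -Minutes 30
        LockoutDuration                 = New-TimeSpan -Minutes 30
        ProtectedFromAccidentalDeletion = $true
    }
    New-ADFineGrainedPasswordPolicy @settings -PassThru |
        Add-ADFineGrainedPasswordPolicySubject -Subjects $groupName
}

# Audit every fine-grained policy, in the order the domain evaluates them.
$minLength = 12   # assumed audit threshold
Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence | ForEach-Object {
    $findings = @()
    if ($_.ReversibleEncryptionEnabled)      { $findings += 'reversible encryption enabled' }
    if (-not $_.ComplexityEnabled)           { $findings += 'complexity disabled' }
    if ($_.MinPasswordLength -lt $minLength) { $findings += "minimum length $($_.MinPasswordLength)" }
    if ($_.LockoutThreshold -eq 0)           { $findings += 'no account lockout' }
    if (-not (Get-ADFineGrainedPasswordPolicySubject -Identity $_)) {
        $findings += 'not applied to any user or group'
    }
    [pscustomobject]@{
        Name       = $_.Name
        Precedence = $_.Precedence
        Findings   = $findings -join '; '
    }
} | Format-Table -AutoSize -Wrap

# Confirm which policy actually takes effect for one account.
Get-ADUserResultantPasswordPolicy -Identity $userName
```

Add -WhatIf to the New-ADFineGrainedPasswordPolicy call to preview the change without writing to the directory.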

With ADSelfService Plus

  • Configure a custom password policy via the Password Policy Enforcer
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Password Policy Enforcer.
    • Enable Enforce Custom Password Policy.
    • Ban dictionary or weak passwords, keyboard sequences, and palindromes.
    • Restrict consecutively repeated characters from the username or old password, as well as common character types at the beginning or end of the passwords.
    • Allow users to use Unicode characters in their passwords.
    • Display a password strength meter when users change or reset their AD passwords.
    • Enforce passphrases instead of password complexity rules if the password length is above a set number.
    • Click Save.

Advantages of ADSelfService Plus

  • ADSelfService Plus' advanced password policy settings ban dictionary and weak passwords, palindromes, keyboard sequences, and more.
  • ADSelfService Plus integrates with the Have I Been Pwned? service to ensure that users don't use breached passwords during password change and password reset.
  • Display the password requirements to end users during password change or reset operations on the Ctrl+Alt+Del screen.
  • Enforce custom password policy settings even for password changes through the Windows logon (Ctrl+Alt+Del) screen and during ADUC password resets.

Salient features of ADSelfService Plus

  • Defence against cyberattacks:

    Ensures users don't use easily exploitable passwords like pass@123.

  • Improves IT security:

    Provides advanced multi-factor authentication techniques including biometrics and YubiKey.

  • Universal enforcement:

    Admins can enforce the custom password policies for both Active Directory and cloud applications.

  • OU and group-based enforcement:

    Admins can choose to enforce different password policies for users based on their OU and group memberships.
