What is the need for ms-DS-Password-Settings-Precedence attribute in Active Directory

When multiple password settings objects (PSOs) are applied to an object, this attribute specifies the precedence or order of priority in which the PSOs should be applied. Lower the value for a PSO, higher its precedence.

For more details about this attribute, please refer to this MS document.

Did you know?

You can find out all password expired users, users whose passwords will expire soon, users whose passwords will never expire, etc., at just the click of a mouse button. In fact you can also manage and report on AD user accounts easily, without scripting.

Wondering how? Just give ADManager Plus a try.

This integrated AD, Office 365 and Exchange management software offers predefined features and reports to:

• Find users with expired, soon-to-expire and never expiring passwords, and reset their passwords, right from the report.
• Identify password unchanged users and users who have to change their passwords at the next logon.
• Reset or change passwords of users in bulk, at once.
• Know users' real last logon times, and the recently logged on users.
• Find all locked out user accounts.
• Unlock locked out user accounts in bulk, using CSV.
• Automatically unlock all locked out accounts, periodically.
• Generate detailed report on locked out user accounts, and unlock them on-the-fly, right from the report.
• Delegate the task of password reset and unlocking locked out user accounts securely to help desk and even non-IT users.
• View all the password expired and locked out user accounts in the domain in a customizable dashboard.

Download the free 30-day trial of ADManager Plus to explore all these features and more, in your environment at your convenience.