

adsetup:fined_grained_password_policies

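The following fine-grained password policies are created with the Set_FGPolicy function, which creates the policy, makes sure the subject group exists, and then applies the policy to that group.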

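Function Set_FGPolicy {
    <#
    .SYNOPSIS
    Creates a fine-grained password policy and applies it to a single group.

    .DESCRIPTION
    Creates the policy with New-ADFineGrainedPasswordPolicy, looks up the group
    named in -Subjects (creating it as a Global group if it does not exist),
    optionally moves that group into $GroupsOU, and finally links the policy to
    the group with Add-ADFineGrainedPasswordPolicySubject.

    All directory operations go to the domain controller given in -Server so the
    policy and the group are created and read on the same DC.

    Reads two variables from the calling scope:
      $CreateOU  - when $True, groups whose name does not contain "Domain" are moved.
      $GroupsOU  - target path passed to Move-ADObject.

    .PARAMETER Subjects
    Name of the one group the policy applies to.

    .PARAMETER ReversibleEncryptionEnabled
    Passed straight through to the policy. A warning is written when it is
    enabled, because it makes every affected password recoverable from the
    directory database.
    #>
    Param ($Name,$Precedence,$Complexity,$Description,$DisplayName,$LockoutDuration,$LockoutObservationWindow,$LockoutThreshold,$MaxPasswordAge,$MinPasswordAge,$MinPasswordLength,$PasswordHistoryCount,$ProtectedFromAccidentalDeletion,$ReversibleEncryptionEnabled,$Server,$Subjects)

    # Surface the weakest setting a caller can ask for instead of applying it silently.
    If ($ReversibleEncryptionEnabled) {
        Write-Warning "Policy '$Name' enables reversible password encryption for '$Subjects'. Passwords set under it are stored in a recoverable form."
    }

    $PolicySettings = @{
        Name                            = $Name
        Precedence                      = $Precedence
        ComplexityEnabled               = $Complexity
        Description                     = $Description
        DisplayName                     = $DisplayName
        LockoutDuration                 = $LockoutDuration
        LockoutObservationWindow        = $LockoutObservationWindow
        LockoutThreshold                = $LockoutThreshold
        MaxPasswordAge                  = $MaxPasswordAge
        MinPasswordAge                  = $MinPasswordAge
        MinPasswordLength               = $MinPasswordLength
        PasswordHistoryCount            = $PasswordHistoryCount
        ProtectedFromAccidentalDeletion = $ProtectedFromAccidentalDeletion
        ReversibleEncryptionEnabled     = $ReversibleEncryptionEnabled
        Server                          = $Server
    }
    New-ADFineGrainedPasswordPolicy @PolicySettings

    # Find the subject group; create it only when the lookup failed because the
    # group does not exist. Any other failure (DC unreachable, access denied) is
    # reported rather than answered with an attempt to create a group.
    $Group = $Null
    Try {
        $Group = Get-ADGroup -Identity "$Subjects" -Server $Server
    }
    Catch {
        If ($_.Exception.GetType().Name -eq 'ADIdentityNotFoundException') {
            $Group = New-ADGroup -GroupScope Global -Name "$Subjects" -Server $Server -PassThru
        }
        Else {
            Write-Error "Could not query group '$Subjects' on ${Server}: $($_.Exception.Message)"
            Return
        }
    }

    If (-not $Group) {
        Write-Error "Group '$Subjects' is not available on ${Server}; policy '$Name' was not applied to it."
        Return
    }

    # Built-in groups such as "Domain Users" / "Domain Admins" stay where they are.
    If (($Subjects -notlike "*Domain*") -and ($CreateOU -eq $True)) {
        Move-ADObject -Identity $Group.ObjectGUID.ToString() -TargetPath $GroupsOU -Server $Server | Out-Null
    }

    Add-ADFineGrainedPasswordPolicySubject -Identity $Name -Subjects $Subjects -Server $Server

}#End Function Set_FGPolicy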

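# Named arguments are used because Set_FGPolicy takes sixteen parameters; with
# positional calls a single misplaced $True/$False changes a security setting
# without being visible in review.
#
# Time values are kept as strings on purpose: they are converted to TimeSpan
# when the policy is created, where "h:mm" is hours and minutes and a bare
# number is whole days. An integer would be converted as ticks instead.
#
# Precedence: when several policies apply to one account, the lowest number wins.

# Domain Users: lock out for 2 hours after 30 failures within 30 minutes.
$FGPolicyUsers = @{
    Name                            = "$Base User FG Password Policy"
    Precedence                      = 300
    Complexity                      = $True
    Description                     = "Default Fine Grained Password Policy for Domain Users"
    DisplayName                     = "Domain Users Fine Grained Password Policy"
    LockoutDuration                 = "2:00"
    LockoutObservationWindow        = "0:30"
    LockoutThreshold                = 30
    MaxPasswordAge                  = "90"
    # NOTE(review): a minimum age of 0 lets a user change the password repeatedly
    # and cycle through the history back to the old one; consider "1".
    MinPasswordAge                  = "0"
    MinPasswordLength               = 8
    PasswordHistoryCount            = 10
    ProtectedFromAccidentalDeletion = $Production
    # Was $True. Reversible encryption keeps every Domain Users password in a
    # recoverable form in the directory database. If a legacy protocol needs it,
    # enable it in a separate policy scoped to only the accounts that use it.
    ReversibleEncryptionEnabled     = $False
    Server                          = $SelectedDC
    Subjects                        = "Domain Users"
}
Set_FGPolicy @FGPolicyUsers

# Domain Admins: lock out for 1 day after 5 failures within 1 day.
$FGPolicyAdmins = @{
    Name                            = "$Base Admin FG Password Policy"
    Precedence                      = 200
    Complexity                      = $True
    Description                     = "Default Fine Grained Password Policy for Admin Users"
    DisplayName                     = "Domain Admins Fine Grained Password Policy"
    LockoutDuration                 = "1"
    LockoutObservationWindow        = "1"
    LockoutThreshold                = 5
    MaxPasswordAge                  = "90"
    MinPasswordAge                  = "0"
    MinPasswordLength               = 12
    PasswordHistoryCount            = 10
    ProtectedFromAccidentalDeletion = $Production
    ReversibleEncryptionEnabled     = $False
    Server                          = $SelectedDC
    Subjects                        = "Domain Admins"
}
Set_FGPolicy @FGPolicyAdmins

# Service accounts: longest passwords and history, 180-day maximum age.
# NOTE(review): DisplayName reads "Server Accounts" while the policy targets
# service accounts; left as-is, confirm before renaming.
$FGPolicyServiceAccounts = @{
    Name                            = "$Base Service Account FG Password Policy"
    Precedence                      = 100
    Complexity                      = $True
    Description                     = "Default Fine Grained Password Policy for Service Accounts"
    DisplayName                     = "Server Accounts Fine Grained Password Policy"
    LockoutDuration                 = "1"
    LockoutObservationWindow        = "1"
    LockoutThreshold                = 5
    MaxPasswordAge                  = "180"
    MinPasswordAge                  = "0"
    MinPasswordLength               = 15
    PasswordHistoryCount            = 60
    ProtectedFromAccidentalDeletion = $Production
    ReversibleEncryptionEnabled     = $False
    Server                          = $SelectedDC
    Subjects                        = "$Base Service Accounts"
}
Set_FGPolicy @FGPolicyServiceAccounts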
