-
Notifications
You must be signed in to change notification settings - Fork 144
ADDomainDefaultPasswordPolicy
dscbot edited this page Mar 15, 2025
·
4 revisions
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| DomainName | Key | String | Name of the domain to which the password policy will be applied. | |
| ComplexityEnabled | Write | Boolean | Whether password complexity is enabled for the default password policy. | |
| Credential | Write | PSCredential | Credentials used to access the domain. | |
| DomainController | Write | String | Active Directory domain controller to enact the change upon. | |
| LockoutDuration | Write | UInt32 | Length of time that an account is locked after the number of failed login attempts (minutes). | |
| LockoutObservationWindow | Write | UInt32 | Maximum time between two unsuccessful login attempts before the counter is reset to 0 (minutes). | |
| LockoutThreshold | Write | UInt32 | Number of unsuccessful login attempts that are permitted before an account is locked out. | |
| MaxPasswordAge | Write | UInt32 | Maximum length of time that you can have the same password (minutes). | |
| MinPasswordAge | Write | UInt32 | Minimum length of time that you can have the same password (minutes). | |
| MinPasswordLength | Write | UInt32 | Minimum number of characters that a password must contain. | |
| PasswordHistoryCount | Write | UInt32 | Number of previous passwords to remember. | |
| ReversibleEncryptionEnabled | Write | Boolean | Whether the directory must store passwords using reversible encryption. |
The ADDomainDefaultPasswordPolicy DSC resource will manage an Active Directory domain's default password policy.
- Target machine must be running Windows Server 2008 R2 or later.
This configuration will set an Active Directory domain's default password policy to set the minimum password length and complexity.
Configuration ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config
{
Param
(
[Parameter(Mandatory = $true)]
[System.String]
$DomainName,
[Parameter(Mandatory = $true)]
[System.Boolean]
$ComplexityEnabled,
[Parameter(Mandatory = $true)]
[System.Int32]
$MinPasswordLength
)
Import-DscResource -Module ActiveDirectoryDsc
Node localhost
{
ADDomainDefaultPasswordPolicy 'DefaultPasswordPolicy'
{
DomainName = $DomainName
ComplexityEnabled = $ComplexityEnabled
MinPasswordLength = $MinPasswordLength
}
}
}- ADComputer
- ADDomain
- ADDomainController
- ADDomainControllerProperties
- ADDomainDefaultPasswordPolicy
- ADDomainFunctionalLevel
- ADDomainTrust
- ADFineGrainedPasswordPolicy
- ADForestFunctionalLevel
- ADForestProperties
- ADGroup
- ADKDSKey
- ADManagedServiceAccount
- ADObjectEnabledState
- ADObjectPermissionEntry
- ADOptionalFeature
- ADOrganizationalUnit
- ADReadOnlyDomainControllerAccount
- ADReplicationSite
- ADReplicationSiteLink
- ADReplicationSubnet
- ADServicePrincipalName
- ADUser
- Home
- WaitForADDomain