-
Notifications
You must be signed in to change notification settings - Fork 141
ADDomainDefaultPasswordPolicy
dscbot edited this page Aug 24, 2023
·
3 revisions
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| DomainName | Key | String | Name of the domain to which the password policy will be applied. | |
| ComplexityEnabled | Write | Boolean | Whether password complexity is enabled for the default password policy. | |
| LockoutDuration | Write | UInt32 | Length of time that an account is locked after the number of failed login attempts (minutes). | |
| LockoutObservationWindow | Write | UInt32 | Maximum time between two unsuccessful login attempts before the counter is reset to 0 (minutes). | |
| LockoutThreshold | Write | UInt32 | Number of unsuccessful login attempts that are permitted before an account is locked out. | |
| MinPasswordAge | Write | UInt32 | Minimum length of time that you can have the same password (minutes). | |
| MaxPasswordAge | Write | UInt32 | Maximum length of time that you can have the same password (minutes). | |
| MinPasswordLength | Write | UInt32 | Minimum number of characters that a password must contain. | |
| PasswordHistoryCount | Write | UInt32 | Number of previous passwords to remember. | |
| ReversibleEncryptionEnabled | Write | Boolean | Whether the directory must store passwords using reversible encryption. | |
| DomainController | Write | String | Active Directory domain controller to enact the change upon. | |
| Credential | Write | PSCredential | Credentials used to access the domain. |
The ADDomainDefaultPasswordPolicy DSC resource will manage an Active Directory domain's default password policy.
- Target machine must be running Windows Server 2008 R2 or later.
This configuration will set an Active Directory domain's default password policy to set the minimum password length and complexity.
Configuration ADDomainDefaultPasswordPolicy_ConfigureDefaultPasswordPolicy_Config
{
Param
(
[Parameter(Mandatory = $true)]
[System.String]
$DomainName,
[Parameter(Mandatory = $true)]
[System.Boolean]
$ComplexityEnabled,
[Parameter(Mandatory = $true)]
[System.Int32]
$MinPasswordLength
)
Import-DscResource -Module ActiveDirectoryDsc
Node localhost
{
ADDomainDefaultPasswordPolicy 'DefaultPasswordPolicy'
{
DomainName = $DomainName
ComplexityEnabled = $ComplexityEnabled
MinPasswordLength = $MinPasswordLength
}
}
}- ADComputer
- ADDomain
- ADDomainController
- ADDomainControllerProperties
- ADDomainDefaultPasswordPolicy
- ADDomainFunctionalLevel
- ADDomainTrust
- ADFineGrainedPasswordPolicy
- ADForestFunctionalLevel
- ADForestProperties
- ADGroup
- ADKDSKey
- ADManagedServiceAccount
- ADObjectEnabledState
- ADObjectPermissionEntry
- ADOptionalFeature
- ADOrganizationalUnit
- ADReadOnlyDomainControllerAccount
- ADReplicationSite
- ADReplicationSiteLink
- ADReplicationSubnet
- ADServicePrincipalName
- ADUser
- Home
- WaitForADDomain