Configuration driven Active Directory management.
Register a new Fine-Grained Password Policy as the desired state.
Register-DMPasswordPolicy [-Name] <String> [-DisplayName] <String> [-Description] <String>
[-Precedence] <Int32> [-MinPasswordLength] <Int32> [-SubjectGroup] <String[]> [-LockoutThreshold] <Int32>
[-MaxPasswordAge] <TimeSpanParameter> [[-ComplexityEnabled] <Boolean>]
[[-LockoutDuration] <TimeSpanParameter>] [[-LockoutObservationWindow] <TimeSpanParameter>]
[[-MinPasswordAge] <TimeSpanParameter>] [[-PasswordHistoryCount] <Int32>]
[[-ReversibleEncryptionEnabled] <Boolean>] [[-SubjectDomain] <String>] [[-Present] <Boolean>]
[<CommonParameters>]
Register a new Fine-Grained Password Policy (PSO) as the desired state. Registered policies are then compared to the current state in a domain.
Get-Content $configPath | ConvertFrom-Json | Write-Output | Register-DMPasswordPolicy
Imports all policies configured in the specified JSON configuration file.
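An added example, not taken from the module's own documentation: a constructed configuration file in the shape the pipeline above expects, with a review step that holds back weak policies before they become desired state. The group names, the 14-character baseline and the `90d` time span suffix (assumed to parse like the `1h` and `30m` defaults listed below) are assumptions.

```powershell
# Constructed sample configuration; names, groups and thresholds are hypothetical.
# -Present is left out: per its parameter entry it does not accept pipeline input.
$configPath = Join-Path ([System.IO.Path]::GetTempPath()) 'passwordpolicies.json'
@'
[
  {
    "Name": "PSO-Admins",
    "DisplayName": "Admin Password Policy",
    "Description": "Strict policy for privileged accounts",
    "Precedence": 10,
    "MinPasswordLength": 20,
    "SubjectGroup": [ "SEC-Tier0-Admins" ],
    "LockoutThreshold": 5,
    "MaxPasswordAge": "90d",
    "LockoutDuration": "1h",
    "LockoutObservationWindow": "1h",
    "ReversibleEncryptionEnabled": false
  },
  {
    "Name": "PSO-Legacy",
    "DisplayName": "Legacy Application Policy",
    "Description": "Carried over from an old application requirement",
    "Precedence": 50,
    "MinPasswordLength": 8,
    "SubjectGroup": [ "SEC-Legacy-App-Users" ],
    "LockoutThreshold": 0,
    "MaxPasswordAge": "90d",
    "ReversibleEncryptionEnabled": true
  }
]
'@ | Set-Content -Path $configPath

# Write-Output unrolls the JSON array so each policy is a separate pipeline object.
$policies = Get-Content -Path $configPath -Raw | ConvertFrom-Json | Write-Output

# Hold back policies that store passwords reversibly, never lock out
# (a LockoutThreshold of 0 disables lockout) or fall below the assumed baseline.
$rejected = $policies | Where-Object {
    $_.ReversibleEncryptionEnabled -or $_.LockoutThreshold -eq 0 -or $_.MinPasswordLength -lt 14
}
foreach ($policy in $rejected) {
    Write-Warning "Not registering '$($policy.Name)': reversible encryption, no lockout, or length below 14."
}

# Property names match parameter names, so binding happens ByPropertyName.
$policies | Where-Object { $_.Name -notin $rejected.Name } | Register-DMPasswordPolicy
```

With this input only `PSO-Admins` is registered; `PSO-Legacy` produces a warning and stays out of the desired state until it is corrected.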
The name of the PSO.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The display name of the PSO.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The description for the PSO.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The precedence rating of the PSO. The lower the precedence number, the higher the priority.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: True
Position: 4
Default value: 0
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The minimum number of characters a password must have.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: True
Position: 5
Default value: 0
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The group that the PSO should be assigned to.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: True
Position: 6
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
How many bad password entries will lead to account lockout?
Type: Int32
Parameter Sets: (All)
Aliases:
Required: True
Position: 7
Default value: 0
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The maximum age a password may have before it must be changed.
Type: TimeSpanParameter
Parameter Sets: (All)
Aliases:
Required: True
Position: 8
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Whether complexity rules are applied to users affected by this policy. By default, complexity rules require 3 out of: “Lowercase letter”, “Uppercase letter”, “number”, “special character”. However, custom password filters may lead to very different validation rules.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 9
Default value: True
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
How long the lockout lasts once an account has been locked out.
Type: TimeSpanParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 10
Default value: 1h
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The time window after which the bad password count is reset.
Type: TimeSpanParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 11
Default value: 1h
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
How soon a password may be changed again after it has been updated.
Type: TimeSpanParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 12
Default value: 30m
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
How many previous passwords are remembered to prevent going back to a previous password.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 13
Default value: 24
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Whether the password should be stored in a manner that allows it to be decrypted into cleartext. By default, only non-reversible hashes are stored.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 14
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
The domain the group is part of. Defaults to the target domain.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 15
Default value: %DomainFqdn%
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
Whether the PSO should exist. Defaults to $true. If this is set to $false, no PSO will be created; instead, the PSO will be removed if it exists.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 16
Default value: True
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.