Quest have released an updated version (1.1.0) of their AD cmdlets.
Published as part of the update is the ability to find details of the default domain password policy, previously a little tricky to get hold of.
A simple:
Get-QADObject domainname/ | format-list *
exposes the information you can obtain.
We've been doing a lot of work recently with password policies and
(Get-QADObject domainname/).MaximumPasswordAge
makes some of this work now a snap!
--------------------------------------------------------------------------
Update:
Or even easier
(Get-QADRootDSE).Domain | Format-List Name, *Password*, *Lockout*
Name : springfield
MinimumPasswordAge : 7 days
MaximumPasswordAge : 90 days
PasswordHistoryLength : 10 passwords remembered
MinimumPasswordLength : 6 characters
LockoutDuration : 30 minutes
LockoutTreshold : 5 invalid logon attempts
ResetLockoutCounterAfter : 30 minutes
Thanks Mr Sotnikov!
No comments:
Post a Comment