Tuesday, 6 May 2008

Password Policy Details / Updated Quest AD Cmdlets

Quest have released an updated version (1.1.0) of their AD cmdlets.

Published as part of the update is the ability to find details of the default domain password policy, previously a little tricky to get hold of.

A simple:

Get-QADObject domainname/ | format-list *

exposes the information you can obtain.

We've been doing a lot of work recently with password policies and

(Get-QADObject domainname/).MaximumPasswordAge

makes some of this work now a snap!



Or even easier

(Get-QADRootDSE).Domain | Format-List Name, *Password*, *Lockout*

Name : springfield
MinimumPasswordAge : 7 days
MaximumPasswordAge : 90 days
PasswordHistoryLength : 10 passwords remembered
MinimumPasswordLength : 6 characters
LockoutDuration : 30 minutes
LockoutTreshold : 5 invalid logon attempts
ResetLockoutCounterAfter : 30 minutes

Thanks Mr Sotnikov!

No comments: