
Script Repository

Change Default Domain Password Policy

January 20, 2016 Views: 2354

This script changes the default password policy of an Active Directory domain.

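# Changes the Default Domain Password Policy (password age, length, complexity,
# history and account lockout) of an Active Directory domain through the
# Adaxes ADSI provider. Nothing is written to the directory until SetInfo()
# is called at the end of the script.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# TODO: modify me
# The values below are samples; set them to what your organization's password
# and lockout standard requires before running the script.
$domain = "domain.com"
$maxPwdAgeDays = 55                 # Max password age (days)
$minPwdAgeDays = 5                  # Min password age (days)
$minPwdLen = 8                      # Min password length
$pwdComplexity = $True              # Password complexity
$pwdHistoryLen = 24                 # Password history length
$maxBadPasswordsAllowed = 15        # Lock account after N attempts
$lockoutObservationMins = 35        # Reset failed attempt counter after (minutes)
$lockoutDurationMins = 50           # Automatically unlock after (minutes)

# Sanity-check the settings before touching the directory, so that an
# inconsistent policy is rejected here rather than half-way through the update.
if (($maxPwdAgeDays -gt 0) -and ($minPwdAgeDays -ge $maxPwdAgeDays))
{
    throw "Minimum password age must be less than the maximum password age."
}
if (($lockoutDurationMins -gt 0) -and ($lockoutDurationMins -lt $lockoutObservationMins))
{
    throw "Lockout duration must be greater than or equal to the lockout observation window."
}

# Bind to the domain (no explicit credentials are passed: both are $NULL)
$domainObject = $admService.OpenObject("Adaxes://$domain", $NULL, $NULL, 0)


# Update the Default Domain Password Policy
# Time spans are stored as negative large integers in 100-nanosecond units,
# hence the multiplication by -10000000 per second.
[Softerra.Adaxes.Adsi.AdsLargeInteger]$maxAge = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$maxPwdAgeDays * 60 * 60 * 24 * -10000000)
$domainObject.Put("maxPwdAge", $maxAge)
[Softerra.Adaxes.Adsi.AdsLargeInteger]$minAge = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$minPwdAgeDays * 60 * 60 * 24 * -10000000)
$domainObject.Put("minPwdAge", $minAge)
$domainObject.MinPasswordLength = $minPwdLen

# NOTE(review): pwdProperties is a bit mask and is overwritten here with
# either 0 or 1, so every other flag currently set on the domain is cleared.
# Check the existing value first if the domain relies on any other flag.
$passwordAttrs = 0 # PASSWORD_ATTR_NONE
if ($pwdComplexity)
{
    $passwordAttrs = $passwordAttrs -bor 1 # DOMAIN_PASSWORD_COMPLEX
}

$domainObject.Put("pwdProperties", $passwordAttrs)
$domainObject.PasswordHistoryLength = $pwdHistoryLen
$domainObject.MaxBadPasswordsAllowed = $maxBadPasswordsAllowed

[Softerra.Adaxes.Adsi.AdsLargeInteger]$lockoutWindow = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$lockoutObservationMins * 60 * -10000000)
$domainObject.Put("lockOutObservationWindow", $lockoutWindow)

[Softerra.Adaxes.Adsi.AdsLargeInteger]$autoUnlock = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$lockoutDurationMins * 60 * -10000000)
$domainObject.Put("lockoutDuration", $autoUnlock)

# Commit changes
# The policy applies domain-wide; accounts covered by a fine-grained password
# policy keep the settings of that policy instead.
$domainObject.SetInfo()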