PoshCode Logo PowerShell Code Repository

Get-DomainPasswordPolicy by gfilice 7 weeks ago (modification of post by AlphaSun view diff)
diff | embed code: <script type="text/javascript" src="http://PoshCode.org/embed/6777"></script>download | new post

This is a function that queries the domain for the password policies that are set via Group Policy. Output objects include Min Password Length, Min Password Age, Max Password Age, number of passwords remembered (for password history restrictions), Lockout Threshold, Lockout Duration, and the Lockout Counter Reset time.

  1. function Get-DomainPasswordPolicy  
  3. {
  4.         $domain = [ADSI]"WinNT://$env:userdomain"
  5.         $Name = @{Name="DomainName";Expression={$_.Name}}
  6.         $MinPassLen = @{Name="Minimum Password Length (Chars)";Expression={$_.MinPasswordLength}}
  7.         $MinPassAge = @{Name="Minimum Password Age (Days)";Expression={$_.MinPasswordAge.value/86400}}
  8.         $MaxPassAge = @{Name="Maximum Password Age (Days)";Expression={$_.MaxPasswordAge.value/86400}}
  9.         $PassHistory = @{Name="Enforce Password History (Passwords remembered)";Expression={$_.PasswordHistoryLength}}
  10.         $AcctLockoutThreshold = @{Name="Account Lockout Threshold (Invalid logon attempts)";Expression={$_.MaxBadPasswordsAllowed}}
  11.         $AcctLockoutDuration =  @{Name="Account Lockout Duration (Minutes)";Expression={if ($_.AutoUnlockInterval.value -eq -1) {'Account is locked out until administrator unlocks it.'} else {$_.AutoUnlockInterval.value/60}}}
  12.         $ResetAcctLockoutCounter = @{Name="Reset Account Lockout Counter After (Minutes)";Expression={$_.LockoutObservationInterval.value/60}}
  13.         $domain | Select-Object $Name,$MinPassLen,$MinPassAge,$MaxPassAge,$PassHistory,$AcctLockoutThreshold,$AcctLockoutDuration,$ResetAcctLockoutCounter
  14. }

Submit a correction or amendment below (
click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

Remember me