Get-ADDefaultDomainPasswordPolicy

Get the default password policy for an Active Directory domain.

Syntax
      Get-ADDefaultDomainPasswordPolicy [[-Current] {LocalComputer | LoggedOnUser}]
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

      Get-ADDefaultDomainPasswordPolicy [-Identity] ADDefaultDomainPasswordPolicy
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       A user account that has permission to perform this action.
       The default is the current user unless the cmdlet is run from an AD PowerShell provider drive
       in which case the account associated with the drive is the default.

       "User64" or "Domain01\User64" or a PSCredential object.

   -Current ADCurrentDomainType
       Whether to return the domain of the local computer or the current logged on user.
       Possible values:
          LocalComputer or 0
          LoggedOnUser  or 1

   -Identity ADAccount
       Specify an AD domain object by providing one of the following values.
       (The identifier in parentheses is the LDAP provider name for the attribute.)

          Distinguished Name 
            Example: DC=Helvetia,DC=corp,DC=SS64,DC=com 
          GUID (objectGUID) 
            Example: 599c4d2e-f72d-4d20-8a78-030d69495f20
          Security Identifier (objectSid) 
            Example: S-1-5-21-5165297888-301467370-576410423-1803
          Security Accounts Manager (SAM) Account Name (sAMAccountName)
            Example: Helvetia

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also get this object through the pipeline or you can set this
       parameter to an object instance.

   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       NetBIOS name, Fully qualified directory server name (with or without port number) or AD Snapshot instance.

       Examples: demo.SS64.com  demo  demoDC02.demo.ss64.com  demoDC02.demo.ss64.com:3268

Get-ADDefaultDomainPasswordPolicy gets the default password policy for a domain. The -Identity parameter specifies the Active Directory domain.

Examples

Get the default domain password policy from current logged on user domain:

PS C:\> Get-ADDefaultDomainPasswordPolicy

Get the default domain password policy from current local computer:

PS C:\> Get-ADDefaultDomainPasswordPolicy -Current LocalComputer

Get the default domain password policy from a given domain:

PS C:\> Get-ADDefaultDomainPasswordPolicy -Identity SS64.com

Get the default domain password policy objects from all the domains in the forest:

PS C:\> (Get-ADForest -Current LoggedOnUser).Domains | %{ Get-ADDefaultDomainPasswordPolicy -Identity $_ }

“Find purpose, the means will follow” ~ Mohandas Gandhi

Related PowerShell Cmdlets

Set-adDefaultDomainPasswordPolicy - Modify the default password policy for an AD domain


 
Copyright © 1999-2024 SS64.com
Some rights reserved