Get the users and groups to which a fine grained password policy is applied.

      Get-ADFineGrainedPasswordPolicySubject [-Identity] ADFineGrainedPasswordPolicy
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       A user account that has permission to perform this action.
       The default is the current user unless the cmdlet is run from an AD PowerShell provider drive
       in which case the account associated with the drive is the default.

       "User64" or "Domain01\User64" or a PSCredential object.

   -Identity ADFineGrainedPasswordPolicy
       Specify an AD fine-grained password policy object by providing one of the following values.
       (The identifier in parentheses is the LDAP provider name for the attribute.)

          Distinguished Name 
            Example: CN=Strict Password Policy,CN=Password Settings Container,CN=System,DC=SS64,DC=com 
          GUID (objectGUID) 
            Example: 599c4d2e-f72d-4d20-8a78-030d69495f20
          Security Identifier (objectSid) 
            Example: S-1-5-21-5165297888-301467370-576410423-1803
          Security Accounts Manager (SAM) Account Name (sAMAccountName)
            Example: PasswordPolicyLevel1

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also get this object through the pipeline or you can set this
       parameter to an object instance.

   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       NetBIOS name, Fully qualified directory server name (with or without port number) or AD Snapshot instance.

       Examples:  demo

Get- ADFineGrainedPasswordPolicySubject gets the users and groups that are subject to a Fine-Grained Password Policy.

The -Identity parameter specifies the Fine-Grained Password Policy. Identify a fine grained password policy by its distinguished name, GUID or name. The -Identity parameter may also be set to a Fine-Grained Password Policy object variable, or passed through the pipeline using for example Get-ADFineGrainedPasswordPolicy.


Get the Fine Grained Password Policy subject of the Password Policy named 'SS64PasswordSettings':

PS C:\> Get-ADFineGrainedPasswordPolicySubject -Identity SS64PasswordSettings | FT Name,ObjectClass,DistinguishedName -AutoSize

“One of the most wonderful things in nature is a glance of the eye; it transcends speech; it is the bodily symbol of identity” ~ Ralph Waldo Emerson

Related PowerShell Cmdlets

Add-adFineGrainedPasswordPolicySubject - Apply a fine-grained password policy to one more users and groups.
Remove-adFineGrainedPasswordPolicySubject - Remove one or more users from a fine-grained policy.

Copyright © 1999-2023
Some rights reserved