Creating and applying a PSO with QADPasswordSettingsObject cmdlets is a snap

Creating an additional password policy (known as a Password Settings Object, or PSO) in Windows Server 2008 is very easy with the QAD cmdlets. Create a PSO with New-QADPasswordSettingsObject, for example as shown below:

[PS] C:\Windows\System32>New-QADPasswordSettingsObject -name "Traders-Password-Policy" `
>> -passwordhistorylength 9 `
>> -passwordcomplexityenabled $true `
>> -minimumpasswordlength 7 `
>> -minimumpasswordage 1 `
>> -maximumpasswordage 15
>>
...

Name Type DN
---- ---- --
Traders-Password-Policy msDS-Passwor... CN=Traders-Password-Policy,CN=Password Settings Container,CN=System,D...

To check what other password attributes can be defined, see the help for New-QADPasswordSettingsObject. The -appliesto parameter lets you apply the PSO to a group or an individual user directly in the cmdlet shown above, but you can also apply it afterwards with a separate cmdlet:

[PS] C:\Windows\System32>Add-QADPasswordSettingsObjectAppliesTo 'traders-password-policy' -AppliesTo joe.blow

Name Type DN
---- ---- --
Joe Blow user CN=Joe Blow,OU=Users,OU=Chicago,DC=techevan,DC=lab

Unfortunately, there is no Set-QADPasswordSettingsObject cmdlet yet that lets you modify an existing PSO. You can use ADSIEDIT.msc to do that. Launch ADSIEDIT, and go to \domain node\System\Password Settings Container. Find the relevant PSO and go to its properties and make your modifications.

If you log on as the user to whom we just applied this PSO in the example above, you will be notified that your password expires in 14 days. It's a great feature in Windows 7.
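Instead of logging on as the user, the PSO that actually applies can be read from the directory. The following is an added example, not part of the original post: it uses plain ADSI (System.DirectoryServices) rather than the QAD cmdlets, and Get-ResultantPso is a hypothetical helper name.

```powershell
# Added example (not from the original post). Reads the PSO that actually applies
# to a user through plain ADSI; Get-ResultantPso is a hypothetical helper name.
function Get-ResultantPso {
    param([Parameter(Mandatory = $true)][string]$UserDN)

    # msDS-ResultantPSO is a constructed attribute: it is returned only when
    # requested by name in a base-scope search on the user object.
    $us = New-Object System.DirectoryServices.DirectorySearcher
    $us.SearchRoot  = [ADSI]"LDAP://$UserDN"
    $us.SearchScope = 'Base'
    $us.Filter      = '(objectClass=user)'
    [void]$us.PropertiesToLoad.Add('msDS-ResultantPSO')
    $hit = $us.FindOne()
    if (-not $hit) { throw "User not found: $UserDN" }

    $psoDN = $hit.Properties['msds-resultantpso']
    if ($psoDN.Count -eq 0) { return $null }   # no PSO: the domain policy applies

    # Base-scope read of the winning PSO; an empty PropertiesToLoad returns all
    # stored attributes.
    $ps = New-Object System.DirectoryServices.DirectorySearcher
    $ps.SearchRoot  = [ADSI]"LDAP://$($psoDN[0])"
    $ps.SearchScope = 'Base'
    $ps.Filter      = '(objectClass=msDS-PasswordSettings)'
    $r = $ps.FindOne()
    if (-not $r) { throw "Cannot read PSO (check permissions): $($psoDN[0])" }
    $p = $r.Properties

    # Ages are stored as negative 100-ns intervals; Int64.MinValue means "never".
    $toDays = {
        param($v)
        if ($v -eq [int64]::MinValue) { 'Never' }
        else { [TimeSpan]::FromTicks([Math]::Abs([int64]$v)).TotalDays }
    }
    New-Object PSObject -Property @{
        PSO               = $psoDN[0]
        Precedence        = $p['msds-passwordsettingsprecedence'][0]
        MinLength         = $p['msds-minimumpasswordlength'][0]
        HistoryLength     = $p['msds-passwordhistorylength'][0]
        ComplexityEnabled = $p['msds-passwordcomplexityenabled'][0]
        MinAgeDays        = (& $toDays ($p['msds-minimumpasswordage'][0]))
        MaxAgeDays        = (& $toDays ($p['msds-maximumpasswordage'][0]))
    }
}

# User DN taken from the cmdlet output shown earlier in this post.
Get-ResultantPso 'CN=Joe Blow,OU=Users,OU=Chicago,DC=techevan,DC=lab'
```

By default only Domain Admins can read objects in the Password Settings Container, so run this with an account that has that read access. A null result means no PSO applies and the user is governed by the domain password policy.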

For more information, see these links:

http://technet.microsoft.com/en-us/library/cc753481.aspx#BKMK_2

http://windowsitpro.com/article/articleid/99929/use-powershell-to-manage-fine-grained-password-policies-in-windows-server-2008.html
