Fine Grained Password Policies Facts

by [Published on 6 May 2009 / Last Updated on 31 Dec. 2008]

This article lists some facts about the FGPP.

FGPP is a new feature introduced in Windows Server 2008. This feature offers the multiple password policies to users in the organization. Here are some points which describe the FGPP features and facts:

  • There are two new Object Classes in Schema for PSO: 
  •  PSC: Password Settings Container
  •  PSO: Password Settings Object
  • Multiple Password and Account Lockout Policies
  • Specific to a user or security group.
  • No need for another domain
  • Cannot apply directly to Organization Unit directly
  • Apply to User and Security Groups only, doesn't apply to computer accounts.
  • Do not interact with customer password filters
  • Multiple PSOs can be applied to a user or group, only one PSO is applied at a time
  • PSO Settings are not merged
  • PSO must be configured using either LDIFDE or ADSIEdit.msc snap-in.
  • The following attributes must be set for a PSO to work:
      Attributes:  (Must have a value)                                                                 
      msDS-PSOAppliesTo (Not Mandatory)      


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Latest Contributions

Featured Links