How To Check If A PSO Has Been Applied To A User Or Group

by [Published on 11 Sept. 2008 / Last Updated on 11 Sept. 2008]

Checking users' password policies in Windows Server 2008 domain.

In Windows Server 2008 you can implement multiple password policies for users or groups. The effective password policies for a user or group are stored in AD Attributes. You need to use Attribute Editor to check the password policy status. There is an attribute that you need to check. 


  • Right Click on User or Group > Property.
  • Click on Attribute Editor Tab.
  • Find the msDS-ResultantPSO attribute.
  • If a password policy or PSO applies to a user or group, it will be displayed in the attribute's property with the CN of the PSO.


See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.

Featured Links