How To Check If A PSO Has Been Applied To A User Or Group

by [Published on 11 Sept. 2008 / Last Updated on 11 Sept. 2008]

Checking users' password policies in Windows Server 2008 domain.

In Windows Server 2008 you can implement multiple password policies for users or groups. The effective password policies for a user or group are stored in AD Attributes. You need to use Attribute Editor to check the password policy status. There is an attribute that you need to check. 

Steps:

  • Right Click on User or Group > Property.
  • Click on Attribute Editor Tab.
  • Find the msDS-ResultantPSO attribute.
  • If a password policy or PSO applies to a user or group, it will be displayed in the attribute's property with the CN of the PSO.

 

See Also


The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Featured Links