How To Check If A PSO Has Been Applied To A User Or Group

by [Published on 11 Sept. 2008 / Last Updated on 11 Sept. 2008]

Checking users' password policies in Windows Server 2008 domain.

In Windows Server 2008 you can implement multiple password policies for users or groups. The effective password policies for a user or group are stored in AD Attributes. You need to use Attribute Editor to check the password policy status. There is an attribute that you need to check. 


  • Right Click on User or Group > Property.
  • Click on Attribute Editor Tab.
  • Find the msDS-ResultantPSO attribute.
  • If a password policy or PSO applies to a user or group, it will be displayed in the attribute's property with the CN of the PSO.


Featured Links