Using PowerShell to manage fine-grained password policies

by Mitch Tulloch [Published on 3 July 2013 / Last Updated on 3 July 2013]

A tip on how you can use Windows PowerShell to configure and manage fine-grained password policies in Windows Server 2012 Active Directory environments.

You can use Windows PowerShell to create, modify, or delete fine-grained password policies for your domain. For example, you can use the New-ADFineGrainedPasswordPolicy cmdlet to create a new fine-grained password policy. You can also use the Set-ADFineGrainedPasswordPolicy cmdlet to modify an existing fine-grained password policy. And you can use the Remove-ADFineGrainedPasswordPolicy cmdlet to delete a fine-grained password policy that is no longer needed in your environment. Use the Get-Help cmdlet to display the syntax and examples for each of these cmdlets.

You can also use Windows PowerShell to view the resultant password settings for a user. You can do this using the Get-ADUserResultantPasswordPolicy cmdlet. Use the Get-Help cmdlet to display the syntax and examples for this cmdlet.

This tip is excerpted from my latest book Training Guide: Installing and Configuring Windows Server 2012 from Microsoft Press.

Mitch Tulloch is a nine-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows administration, deployment and virtualization.  For more information see

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see .

Latest Contributions

Featured Links