Using PowerShell to manage fine-grained password policies

by Mitch Tulloch [Published on 3 July 2013 / Last Updated on 3 July 2013]

A tip on how you can use Windows PowerShell to configure and manage fine-grained password policies in Windows Server 2012 Active Directory environments.

You can use Windows PowerShell to create, modify, or delete fine-grained password policies for your domain. For example, you can use the New-ADFineGrainedPasswordPolicy cmdlet to create a new fine-grained password policy. You can also use the Set-ADFineGrainedPasswordPolicy cmdlet to modify an existing fine-grained password policy. And you can use the Remove-ADFineGrainedPasswordPolicy cmdlet to delete a fine-grained password policy that is no longer needed in your environment. Use the Get-Help cmdlet to display the syntax and examples for each of these cmdlets.

You can also use Windows PowerShell to view the resultant password settings for a user. You can do this using the Get-ADUserResultantPasswordPolicy cmdlet. Use the Get-Help cmdlet to display the syntax and examples for this cmdlet.

This tip is excerpted from my latest book Training Guide: Installing and Configuring Windows Server 2012 from Microsoft Press.

Mitch Tulloch is a nine-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows administration, deployment and virtualization.  For more information see

Featured Links