The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADFineGrainedPasswordPolicy cmdlet supports the default and extended properties listed in the following table.

Many can be assigned values with the Set-ADFineGrainedPasswordPolicy cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink.

Property Syntax R/RW lDAPDisplayName
AppliesTo ADCollection R/W msDS-PSOAppliesTo
CanonicalName String R canonicalName
CN String R cn
ComplexityEnabled Boolean R/W msDS-PasswordComplexityEnabled
Created String R whenCreated
Deleted String R isDeleted
Description String R/W description
DisplayName String R/W displayName
DistinguishedName String (DN) R distinguishedName
LastKnownParent String (DN) R lastKnownParent
LockoutDuration TimeSpan R/W msDS-LockoutDuration
LockoutObservationWindow TimeSpan R/W msDS-lockoutObservationWindow
LockoutThreshold Integer R/W msDS-lockoutThreshold
MaxPasswordAge TimeSpan R/W msDS-MaximumPasswordAge
MinPasswordAge TimeSpan R/W msDS-MinimumPasswordAge
MinPasswordLength Integer R/W msDS-MinimumPasswordLength
Modified String R whenChanged
Name String R cn (Relative Distinguished Name)
ObjectCategory String R objectCategory
ObjectClass String R objectClass, most specific value
ObjectGUID Guid R objectGUID, converted to string
PasswordHistoryCount Integer R/W msDS-PasswordHistoryLength
Precedence Integer R/W msDS-PasswordSettingsPrecedence
ProtectedFromAccidentalDeletion String R/W ntSecurityDescriptor
ReversibleEncryptionEnabled Boolean R/W msDS-PasswordReverisbleEncryptionEnabled

The attributes are those of the Password Setting Object (PSO). These are objects of class msDS-PasswordSettings, and are located in the container "cn=Password Setting Container,cn=System,dc=mydomain,dc=com", where the domain is

See Also

Other Resources