Active Directory Service Interfaces Editor (ADSI Edit) provides a view of every object and attribute in an Active Directory Domain Services (AD DS) forest. You can use ADSI Edit to query, view, and edit AD DS objects and attributes.
how to setup password policy by PSO using ADSI Edit
-
Click Start, click Run, type adsiedit.msc, and then Click OK.
- In the ADSI Edit snap-in, right-click ADSI Edit, and then click Connect to.
- In Name, type the fully qualified domain name (FQDN) of the domain in which you want to create the PSO, and then click OK.
- Double-click the domain.
- Double-click DC=<domain_name>.
- Double-click CN=System.
- Click CN=Password Settings Container.
- Right-click CN=Password Settings Container, click New, and then click Object.
- In the Create Object dialog box, under Select a class, click msDS-PasswordSettings, and then click Next.
- In Value, type the name of the new PSO, and then click Next.
- Continue with the wizard, and enter appropriate values for all mustHave attributes.
For example: dn: CN=PSO1, CN=Password Settings Container,CN=System,DC=dc1,DC=contoso,DC=com changetype: add objectClass: msDS-PasswordSettings msDS-MaximumPasswordAge:-1728000000000 msDS-MinimumPasswordAge:-864000000000 msDS-MinimumPasswordLength:8 msDS-PasswordHistoryLength:24 msDS-PasswordComplexityEnabled:TRUE msDS-PasswordReversibleEncryptionEnabled:FALSE msDS-LockoutObservationWindow:-18000000000 msDS-LockoutDuration:-18000000000 msDS-LockoutThreshold:0 msDS-PasswordSettingsPrecedence:20 msDS-PSOAppliesTo:CN=user1,CN=Users,DC=dc1,DC=contoso,DC=com