Home » PowerShell » Check Password Policy in the Active Directory

Check Password Policy in the Active Directory

by

Use the Get-ADDefaultDomainPasswordPolicy cmdlet in PowerShell to check password policy in the Active Directory. This command gets details like MaxPasswordAge, MinPasswordAge, Password length, etc…

Use the Group Policy Management editor to view the password policy in the Active Directory.

Active Directory is configured with default password policy for the domain like MaxPasswordAge, MinPasswordAge, Password length, etc…

In this article, we will discuss how to check the password policy in the Active Directory using the Get-ADDefaultDomainPasswordPolicy cmdlet in PowerShell and Group Policy Management interface.

Table of Contents hide
1 Use PowerShell to Check Password Policy in the Active Directory
2 Use Group Policy Management to Check Password Policy
3 Conclusion

Use PowerShell to Check Password Policy in the Active Directory

Using the PowerShell command Get-ADDefaultDomainPasswordPolicy, it can quickly and easily retrieve the password policy in the active directory.

Get-ADDefaultDomainPasswordPolicy

In the above PowerShell script, the Get-ADDefaultDomainPasswordPolicy cmdlet without any argument fetches the password policy for the domain in the Active Directory. You can check the password policy details configured in the AD.

The output of the above PowerShell script to get and display password policy in AD is:

Check Password Policy in Active Directory using PowerShell
Check Password Policy in Active Directory using PowerShell

It displays the password complexity details like the password should have a minimum length of 7 and ComplexityEnabled is set to true to force user to type strong password.

Use Group Policy Management to Check Password Policy

The Group Policy Management feature allows you to control and manage group policy objects.

To find the password policy in the Active Directory using the group policy user interface, use the command gpmc.msc to open the Group Policy Management interface.

# Use gpmc.msc command in Command Prompt(cmd)
gpmc.msc

# use gmpc command in PowerShell terminal
gpmc

The above command starts the group policy management console.

To view the password policy set in the Active Directory,

  • Right-click on “Default Domain Policy” and click edit, it will open the group policy management editor
  • Click on Computer Configuration, select Policies
  • Click on Windows Settings, select Account Policies
  • Click on Password Policy to view the password policy in the AD

The output of the above steps to check the password policy in AD is:

Group Policy - Check Password Policy in AD
Group Policy – Check the Password Policy in AD

The password complexity requirement in the active directory is set as enabled and requires a minimum password length of 7.

Conclusion

I hope the above article on how to check password policy in Active Directory using PowerShell command and Group Policy Management editor is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.