September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
6.11. Viewing the Account Lockout and Password Policies
Problem
You want to view the account lockout and password policies for a domain.
Solution
Using a graphical user interface
Open the Domain Security Policy snap-in.
In the left menu, expand Default Domain Policy → Computer Configuration → Windows Settings → Security Settings → Account Policies.
Click on Password Policy or Account Lockout Policy and double-click the property you want to set or view in the right frame.
Using a command-line interface
> enumprop /ATTR:[RETURN]
lockoutduration,lockoutthreshold,lockoutobservationwindow,maxpwdage,minpwdage,[RETURN]
minpwdlength,pwdhistorylength,pwdproperties "LDAP://<DomainDN>"Using VBScript
' This code displays the current settings for the password
' and account lockout policies.
' ------ SCRIPT CONFIGURATION ------
strDomain = "<DomainDN>" ' e.g. rallencorp.com ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objDomain = GetObject("LDAP://" & _ objRootDSE.Get("defaultNamingContext") ) ' Hash containing the domain password and lockout policy attributes ' as keys and the units (e.g. minutes) as the values set objDomAttrHash = CreateObject("Scripting.Dictionary") objDomAttrHash.Add "lockoutDuration", "minutes" objDomAttrHash.Add "lockoutThreshold", "attempts" objDomAttrHash.Add "lockoutObservationWindow", "minutes" objDomAttrHash.Add "maxPwdAge", "minutes" objDomAttrHash.Add "minPwdAge", "minutes" objDomAttrHash.Add "minPwdLength", ...