6.11. Viewing the Account Lockout and Password Policies

Problem

You want to view the account lockout and password policies for a domain.

Solution

Using a graphical user interface

  1. Open the Domain Security Policy snap-in.

  2. In the left menu, expand Default Domain Policy Computer Configuration Windows Settings Security Settings Account Policies.

  3. Click on Password Policy or Account Lockout Policy and double-click the property you want to set or view in the right frame.

Using a command-line interface

> enumprop /ATTR:[RETURN] 
lockoutduration,lockoutthreshold,lockoutobservationwindow,maxpwdage,minpwdage,[RETURN]
minpwdlength,pwdhistorylength,pwdproperties "LDAP://<DomainDN>"

Using VBScript

' This code displays the current settings for the password 
' and account lockout policies.
' ------ SCRIPT CONFIGURATION ------
strDomain = "<DomainDN>" ' e.g. rallencorp.com ' ------ END CONFIGURATION --------- set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objDomain = GetObject("LDAP://" & _ objRootDSE.Get("defaultNamingContext") ) ' Hash containing the domain password and lockout policy attributes ' as keys and the units (e.g. minutes) as the values set objDomAttrHash = CreateObject("Scripting.Dictionary") objDomAttrHash.Add "lockoutDuration", "minutes" objDomAttrHash.Add "lockoutThreshold", "attempts" objDomAttrHash.Add "lockoutObservationWindow", "minutes" objDomAttrHash.Add "maxPwdAge", "minutes" objDomAttrHash.Add "minPwdAge", "minutes" objDomAttrHash.Add "minPwdLength", ...

Get Active Directory Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.