Skip to main content

Register-DMPasswordPolicy

SYNOPSIS

Register a new Finegrained Password Policy as the desired state.

SYNTAX

__AllParameterSets

Register-DMPasswordPolicy [-Name] <string> [-DisplayName] <string> [-Description] <string>
[-Precedence] <int> [-MinPasswordLength] <int> [-SubjectGroup] <string[]> [-LockoutThreshold] <int>
[-MaxPasswordAge] <TimeSpanParameter> [[-ComplexityEnabled] <bool>]
[[-LockoutDuration] <TimeSpanParameter>] [[-LockoutObservationWindow] <TimeSpanParameter>]
[[-MinPasswordAge] <TimeSpanParameter>] [[-PasswordHistoryCount] <int>]
[[-ReversibleEncryptionEnabled] <bool>] [[-SubjectDomain] <string>] [[-Present] <bool>]
[<CommonParameters>]

DESCRIPTION

Register a new Finegrained Password Policy as the desired state. These policies are then compared to the current state in a domain.

EXAMPLES

EXAMPLE 1

Get-Content $configPath | ConvertFrom-Json | Write-Output | Register-DMPasswordPolicy

Imports all the configured policies from the defined config json file.

PARAMETERS

-ComplexityEnabled

Whether complexity rules are applied to users affected by this policy. By default, complexity rules requires 3 out of: "Lowercase letter", "Uppercase letter", "number", "special character". However, custom password filters may lead to very validation rules.

Type: System.Boolean
DefaultValue: True
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 8
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Description

The description for the PSO.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 2
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-DisplayName

The display name of the PSO.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 1
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-LockoutDuration

If the account is being locked out, how long will the lockout last.

Type: PSFramework.Parameter.TimeSpanParameter
DefaultValue: 1h
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 9
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-LockoutObservationWindow

What is the time window before the bad password count is being reset.

Type: PSFramework.Parameter.TimeSpanParameter
DefaultValue: 1h
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 10
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-LockoutThreshold

How many bad password entries will lead to account lockout?

Type: System.Int32
DefaultValue: 0
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 6
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-MaxPasswordAge

The maximum age a password may have before it must be changed.

Type: PSFramework.Parameter.TimeSpanParameter
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 7
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-MinPasswordAge

How soon may a password be changed again after updating the password.

Type: PSFramework.Parameter.TimeSpanParameter
DefaultValue: 30m
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 11
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-MinPasswordLength

The minimum number of characters a password must have.

Type: System.Int32
DefaultValue: 0
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 4
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Name

The name of the PSO.

Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 0
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-PasswordHistoryCount

How many passwords are kept in memory to prevent going back to a previous password.

Type: System.Int32
DefaultValue: 24
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 12
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Precedence

The precedence rating of the PSO. The lower the precedence number, the higher the priority.

Type: System.Int32
DefaultValue: 0
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 3
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-Present

Whether the PSO should exist. Defaults to $true. If this is set to $false, no PSO will be created, instead the PSO will be removed if it exists.

Type: System.Boolean
DefaultValue: True
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 15
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-ReversibleEncryptionEnabled

Whether the password should be stored in a manner that allows it to be decrypted into cleartext. By default, only un-reversible hashes are being stored.

Type: System.Boolean
DefaultValue: False
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 13
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-SubjectDomain

The domain the group is part of. Defaults to the target domain.

Type: System.String
DefaultValue: '%DomainFqdn%'
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 14
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

-SubjectGroup

The group that the PSO should be assigned to.

Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 5
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.