Modify the Default Domain Password Policy

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to modify the default domain password policy.


The following example demonstrates how to modify the default domain password policy for the domain:

Set-ADDefaultDomainPasswordPolicy -Identity -PasswordHistoryCount 10 –MinPasswordLength 7 -MinPasswordAge 1.00:00:00 -MaxPasswordAge 30.00:00:00 -LockoutObservationWindow 0.00:10:00 -LockoutThreshold 15

Additional information

You can use the following parameters when you set many of the common values that are associated with a fine-grained password policy:

  • -ComplexityEnabled

  • -Description

  • -DisplayName

  • -LockoutDuration

  • -LockoutObservationWindow

  • -LockoutThreshold

  • -MaxPasswordAge

  • -MinPasswordAge

  • -MinPasswordLength

  • -PasswordHistoryCount

  • -ReversibleEncryptionEnabled

For a full explanation of the parameters that you can pass to Set-ADDefaultDomainPasswordPolicy, at the Active Directory module command prompt, type Get-Help Set-ADDefaultDomainPasswordPolicy –detailed, and then press ENTER.