Setting fine grained passwords.

Fine grained passwords apply to groups not OU’s.

If you need a different password policy applying to members of an OU. Then a good way to do this is to create a shadow group which is just a security group named after the OU.

I am going to demonstrate this on the Gold Coast OU so I created a group called Gold Coast

from PowerShell enter the following command on one line.

PS C:\Users\Administrator> New-ADFineGrainedPasswordPolicy GoldCoastPolicy -ComplexityEnabled:$true -LockoutDuration:”00
:30:00″ -LockoutObservationWindow:”00:30:00″ -LockoutThreshold:”0″ -MaxPasswordAge:”42.00:00:00″ -MinPasswordAge:”1.00:0
0:00″ -MinPasswordLength:”9″ -PasswordHistoryCount:”10″ -Precedence:”1″ -ReversibleEncryptionEnabled:$false -ProtectedFr



Then to apply the fine grained policy to a group:

Add-ADFineGrainedPasswordPolicySubject GoldCoastPolicy -Subjects ‘Gold Coast’


Or in ADAC navigate to Domain > System > Password Setting Container