Programming4us
         
 
 
Applications Server

Active Directory Domain Services 2008: Create Password Settings Objects

12/10/2010 5:59:59 PM
Create a password settings object (PSO).

To create a PSO, perform the following steps:

1.
Log on to a domain controller (DC) or a member computer that has Windows Server 2008 Remote Server Administration Tools (RSAT) installed.

2.
Click Start, click Run, type adsiedit.msc, and then click OK.

3.
In the ADSI Edit snap-in, right-click ADSI Edit and then click Connect to.

4.
On the Connection Settings window, shown in Figure 1, in the Name field type the fully qualified domain name (FQDN) of the domain in which you want to create the password settings object (PSO), ensure Default naming context is selected in the Select a well known Naming Context field, and then click OK.

Figure 1. The ADSI Edit snap-in Connection Settings window.


5.
In the console tree, expand the domain node; then expand DC=domainname, where domainname is the name of your domain.

6.
Expand CN=System.

7.
In the console tree, right-click the CN=Password Settings Container node, select New, and then click Object.

8.
On the Create Object window, shown in Figure 2, click Next.



Figure 2. The Create Object window.


9.
For the cn attribute, shown in Figure 3, type a name for the PSO in the Value field to set a Common-Name for the PSO; click Next.

Figure 3. Creating the PSO’s Common-Name.


10.
For the msDS-PasswordSettingsPrecedence attribute, shown in Figure 4, type a value for the precedence in the Value field to set a password settings precedence for the PSO. Then click Next.



Figure 4. Creating the PSO’s password settings precedence.


11.
For the msDS-PasswordReversibleEncryptionEnabled attribute, shown in Figure 5, type TRUE in the Value field to enable store password using reversible encryption or type FALSE in the Value field to disable store password using reversible encryption. Then click Next.



Figure 5. Creating the PSO’s password reversible encryption status for user accounts.


12.
For the msDS-PasswordHistoryLength attribute, shown in Figure 6, type a value for the password history length in the Value field and click Next.

Figure 6. Creating the PSO’s password history length for user accounts.


13.
For the msDS-PasswordComplexityEnabled attribute, shown in Figure 7, type TRUE in the Value field to enable password complexity or type FALSE in the Value field to disable password complexity; then click Next.



Figure 7. Creating the PSO’s password complexity status for user accounts.


14.
For the msDS-MinimumPasswordLength attribute, shown in Figure 8, type a value for the minimum password length in the Value field and click Next.

Figure 8. Creating the PSO’s minimum password length for user accounts.


15.
For the msDS-MinimumPasswordAge attribute, shown in Figure 9, type a value for the minimum password age in the Value field. Then click Next.



Figure 9. Creating the PSO’s minimum password age for user accounts.


16.
For the msDS-MaximumPasswordAge attribute, shown in Figure 10, type a value for the maximum password age in the Value field and click Next.

Figure 10. Creating the PSO’s maximum password age for user accounts.


17.
For the msDS-LockoutThreshold attribute, shown in Figure 11, type a value for the lockout threshold in the Value field; then click Next.



Figure 11. Creating the PSO’s lockout threshold for lockout of user accounts.


18.
For the msDS-LockoutObservationWindow attribute, shown in Figure 12, type a value for the observation window for lockout of user accounts in the Value field and click Next.

Figure 12. Creating the PSO’s observation window for lockout of user accounts.


19.
For the msDS-LockoutDuration attribute, shown in Figure 13, type a value for the duration of the lockout of user accounts in the Value field; then click Next.



Figure 13. Creating the PSO’s lockout duration for lockout of user accounts.


20.
On the Create Object window, shown in Figure 14, click Finish to create the PSO.

Figure 14. Completing the Create PSO Wizard.


Note

The time-related PSO attributes (msDS-MaximumPasswordAge, msDS-MinimumPasswordAge, msDS-LockoutObservationWindow, and msDS-LockoutDuration) must be entered in the d:hh:mm:ss format or the I8 format. The d:hh:mm:ss format is only available in the Windows Server 2008 version of ADSI Edit.

Other -----------------
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 4)
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 3) - Organization Relationships
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 2)
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 1)
- Introduction to Federated Delegation in Exchange Server 2010
- BizTalk Server 2009 : Service-oriented endpoint patterns (part 2)
- BizTalk Server 2009 : Service-oriented endpoint patterns (part 1)
- Exchange Server 2010 : Office Communication Server 2007 R2 Integration (part 3) - Deploying Instant Messaging for OWA
- Exchange Server 2010 : Office Communication Server 2007 R2 Integration (part 2) - Deploying UM and OCS 2007 R2 Integration
- Exchange Server 2010 : Office Communication Server 2007 R2 Integration (part 1) - Integrating OCS 2007 R2 in Exchange 2010 Architecture
- Exchange Server 2010 : Managing Unified Messaging (part 1) - Testing Unified Messaging Functionality
- Exchange Server 2010 : Managing Unified Messaging (part 1)
- Exchange Server 2010 : International Considerations of Unified Messaging
- BizTalk Server 2009 : Service-oriented schema patterns (part 6) - Exploiting generic schemas
- BizTalk Server 2009 : Service-oriented schema patterns (part 5) - Node feature mapping for service clients
- BizTalk Server 2009 : Service-oriented schema patterns (part 4) - Node data type conversion for service clients
- BizTalk Server 2009 : Service-oriented schema patterns (part 3) - Building and applying reusable schema components
- BizTalk Server 2009 : Service-oriented schema patterns (part 2) - Canonical schemas
- BizTalk Server 2009 : Service-oriented schema patterns (part 1) - Designing schemas based on service type
- Exchange Server 2010 : Deploying Unified Messaging (part 3)
 
 
Most View
- Handling Input on Windows Phone 7 : Touch Input (part 3) - Multi-Point Touch
- Windows Server 2008: Using Capacity-Analysis Tools (part 1) - Task Manager
- SharePoint 2010 : Publishing Service Applications to Remote Farms
- Active Directory Domain Services 2008: Apply a Password Settings Object to Users and Security Groups
- The Art of SEO : Measuring Search Traffic (part 1)
- SQL Server 2008 Analysis Services : Understanding SSAS and OLAP
- BizTalk Server 2009 : Using asynchronous services in WCF (part 2)
- Windows 7 : Creating and Managing User Accounts (part 2) - Working with the User Accounts Dialog Box
- SQL Server 2008 : Performance Tuning - Tracing
- How SQL Server FTS Works
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS