Programming4us
         
 
 
Applications Server

Active Directory Domain Services 2008: Create Password Settings Objects

12/10/2010 5:59:59 PM
Create a password settings object (PSO).

To create a PSO, perform the following steps:

1.
Log on to a domain controller (DC) or a member computer that has Windows Server 2008 Remote Server Administration Tools (RSAT) installed.

2.
Click Start, click Run, type adsiedit.msc, and then click OK.

3.
In the ADSI Edit snap-in, right-click ADSI Edit and then click Connect to.

4.
On the Connection Settings window, shown in Figure 1, in the Name field type the fully qualified domain name (FQDN) of the domain in which you want to create the password settings object (PSO), ensure Default naming context is selected in the Select a well known Naming Context field, and then click OK.
Figure 1. The ADSI Edit snap-in Connection Settings window.


5.
In the console tree, expand the domain node; then expand DC=domainname, where domainname is the name of your domain.

6.
Expand CN=System.

7.
In the console tree, right-click the CN=Password Settings Container node, select New, and then click Object.

8.
On the Create Object window, shown in Figure 2, click Next.
Figure 2. The Create Object window.


9.
For the cn attribute, shown in Figure 3, type a name for the PSO in the Value field to set a Common-Name for the PSO; click Next.
Figure 3. Creating the PSO’s Common-Name.


10.
For the msDS-PasswordSettingsPrecedence attribute, shown in Figure 4, type a value for the precedence in the Value field to set a password settings precedence for the PSO. Then click Next.
Figure 4. Creating the PSO’s password settings precedence.


11.
For the msDS-PasswordReversibleEncryptionEnabled attribute, shown in Figure 5, type TRUE in the Value field to enable store password using reversible encryption or type FALSE in the Value field to disable store password using reversible encryption. Then click Next.
Figure 5. Creating the PSO’s password reversible encryption status for user accounts.


12.
For the msDS-PasswordHistoryLength attribute, shown in Figure 6, type a value for the password history length in the Value field and click Next.
Figure 6. Creating the PSO’s password history length for user accounts.


13.
For the msDS-PasswordComplexityEnabled attribute, shown in Figure 7, type TRUE in the Value field to enable password complexity or type FALSE in the Value field to disable password complexity; then click Next.
Figure 7. Creating the PSO’s password complexity status for user accounts.


14.
For the msDS-MinimumPasswordLength attribute, shown in Figure 8, type a value for the minimum password length in the Value field and click Next.
Figure 8. Creating the PSO’s minimum password length for user accounts.


15.
For the msDS-MinimumPasswordAge attribute, shown in Figure 9, type a value for the minimum password age in the Value field. Then click Next.
Figure 9. Creating the PSO’s minimum password age for user accounts.


16.
For the msDS-MaximumPasswordAge attribute, shown in Figure 10, type a value for the maximum password age in the Value field and click Next.
Figure 10. Creating the PSO’s maximum password age for user accounts.


17.
For the msDS-LockoutThreshold attribute, shown in Figure 11, type a value for the lockout threshold in the Value field; then click Next.
Figure 11. Creating the PSO’s lockout threshold for lockout of user accounts.


18.
For the msDS-LockoutObservationWindow attribute, shown in Figure 12, type a value for the observation window for lockout of user accounts in the Value field and click Next.
Figure 12. Creating the PSO’s observation window for lockout of user accounts.


19.
For the msDS-LockoutDuration attribute, shown in Figure 13, type a value for the duration of the lockout of user accounts in the Value field; then click Next.
Figure 13. Creating the PSO’s lockout duration for lockout of user accounts.


20.
On the Create Object window, shown in Figure 14, click Finish to create the PSO.
Figure 14. Completing the Create PSO Wizard.


Note

The time-related PSO attributes (msDS-MaximumPasswordAge, msDS-MinimumPasswordAge, msDS-LockoutObservationWindow, and msDS-LockoutDuration) must be entered in the d:hh:mm:ss format or the I8 format. The d:hh:mm:ss format is only available in the Windows Server 2008 version of ADSI Edit.
Other -----------------
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 4)
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 3) - Organization Relationships
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 2)
- Exchange Server 2010 : Fundamentals and Components of Federated Delegation (part 1)
- Introduction to Federated Delegation in Exchange Server 2010
- BizTalk Server 2009 : Service-oriented endpoint patterns (part 2)
- BizTalk Server 2009 : Service-oriented endpoint patterns (part 1)
- Exchange Server 2010 : Office Communication Server 2007 R2 Integration (part 3) - Deploying Instant Messaging for OWA
- Exchange Server 2010 : Office Communication Server 2007 R2 Integration (part 2) - Deploying UM and OCS 2007 R2 Integration
- Exchange Server 2010 : Office Communication Server 2007 R2 Integration (part 1) - Integrating OCS 2007 R2 in Exchange 2010 Architecture
 
 
Most View
- Windows Phone 7 : Adding a Pushpin
- Windows Server 2003 : Centralizing Authentication and Authorization with Internet Authentication Server - Configuring IAS as a RADIUS Proxy
- Exchange Server 2010 : Designing and Implementing AD RMS Integration (part 3) - Transport and Journal Report Decryption
- Windows 7 : Adding Folders and Files to the Default Website (part 3) - Adding a Folder to the Default Website
- What is New in iPhone SDK 3.2 for the iPad (part 2)
- Programming WCF Services : The Response Service (part 3) - Queued Service-Side Programming & Response Service-Side Programming
- SharePoint 2010 : Use Alerts
- Relevant IAM Standards and Protocols for Cloud Services (part 1)
- Microsoft Dynamics AX 2009 : Working with Forms - Creating Dialogs
- SQL Azure : Azure Server Administration (part 1) - Server Information
Top 10
- Active Directory Domain Services 2008: Disable the Directory Service Changes Auditing Subcategory
- Windows Phone 7 : Uninstalling an App
- Optimizing SQL Server for SharePoint 2010 (part 3) - Model Database Settings
- SQL server 2008 : Managing Security - Roles
- Coding JavaScript for Mobile Browsers (part 11)
- Software Testing with Visual Studio Team System 2008 : Unit testing web services & Code coverage unit test
- Exchange Server 2010 : Deploying Unified Messaging (part 2)
- Windows Server 2008 : Configuring IPv4 and IPv6 Addressing
- Programming WCF Services : The Response Service (part 4) - Transactions
- Exchange Server 2010 : Availability Planning for Mailbox Servers (part 3) - Adding Database Copies