Fine Grained Password Policy Vs Default Domain Policy

Hello Team, there are two kinds of password policy that can be applied to Active Directory user accounts. One is the Default Domain Password Policy, implemented using Group Policy, and the other is a Fine Grained Password Policy (FGPP), which is deployed via Active Directory Administration Center. Microsoft introduced FGPP as a way to create a password policy, other than the Default Domain Password Policy, for a specific set of AD accounts. This post compares Fine Grained Password Policy with the Default Domain Policy. A Fine Grained Password Policy is applied on top of the Default Domain Password Policy and takes precedence over it. FGPP is configured to provide a more robust, secure and complex password policy.

A Fine Grained Password Policy can be applied to user objects and global security groups. It is not deployed through Group Policy; it is implemented using Active Directory Administration Center. To learn how to configure FGPP, please follow the link How To Configure Fine Grained Password Policy.

Once you configure a Fine Grained Password Policy for a single user or a group of users, the password policy is applied as defined in the FGPP. It applies only to those AD accounts that are added to the group.

After that, you can verify which password policy is being applied to a user account, i.e. the Default Domain Password Policy or the FGPP. Open PowerShell and run the command below to check:

Type Get-ADUserResultantPasswordPolicy and press Enter.

It will then prompt you to enter a user ID. Give the name of the AD account you want to check. The same can also be achieved in a single command:

Get-ADUserResultantPasswordPolicy -Identity userid
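
Get-ADUserResultantPasswordPolicy returns nothing when no FGPP applies to the account, which means the Default Domain Password Policy is in effect. The script below is an added example, not part of the original post, that reports the effective policy for several accounts and falls back to Get-ADDefaultDomainPasswordPolicy in that case. The function name Get-EffectivePasswordPolicy and the account names jdoe and svc-backup are hypothetical placeholders, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example: report which password policy is effective for each account.
# Assumes the ActiveDirectory module (RSAT) is installed and the caller can read PSOs.
Import-Module ActiveDirectory

function Get-EffectivePasswordPolicy {
    param(
        [Parameter(Mandatory)]
        [string[]]$Identity
    )

    # Domain-wide policy, used when no FGPP applies to the account.
    $default = Get-ADDefaultDomainPasswordPolicy

    foreach ($id in $Identity) {
        try {
            # Returns the winning FGPP object, or nothing when no FGPP applies.
            $pso = Get-ADUserResultantPasswordPolicy -Identity $id -ErrorAction Stop
        }
        catch {
            # Unknown account or insufficient rights: report it and keep going.
            Write-Warning "Could not evaluate '$id': $($_.Exception.Message)"
            continue
        }

        # Pick the policy object that is actually in effect for this account.
        $policy = if ($pso) { $pso } else { $default }

        [pscustomobject]@{
            User              = $id
            Source            = if ($pso) { 'FGPP' } else { 'Default Domain Policy' }
            PolicyName        = if ($pso) { $pso.Name } else { $default.DistinguishedName }
            Precedence        = if ($pso) { $pso.Precedence } else { $null }
            MinPasswordLength = $policy.MinPasswordLength
            ComplexityEnabled = $policy.ComplexityEnabled
            MaxPasswordAge    = $policy.MaxPasswordAge
            LockoutThreshold  = $policy.LockoutThreshold
        }
    }
}

# Placeholder account names; replace with real sAMAccountNames from your domain.
Get-EffectivePasswordPolicy -Identity 'jdoe', 'svc-backup' | Format-Table -AutoSize
```

Running this against privileged and service accounts is a quick way to confirm that the stricter FGPP, and not the domain default, is the policy actually in effect for them.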

Hope this article helps you understand FGPP.

