Create a Password Settings Object

The Windows 2008 feature – Password Settings Object (PSO) allows password settings to be applied to Users or Groups – as opposed to OUs.

Note – the domain functional level must be windows 2008

 

Step 1 – Create Password Settings Object

 

  • A PSO is created via adsiedit.msc. Go to start – run – adsiedit.msc
  • Connect to the default naming context

  • Browse to the below folder and create a new password object

Fill out the values as required. See http://technet.microsoft.com/en-us/library/cc754544%28WS.10%29.aspx for an explanation of each field.

 

Step 2 – Assign to Users

 

The password settings container and password settings object should be visible in Active Directory Users and Computers

  • In Active Directory Users and Computers browse to the password settings container and edit the PSO.

  • Edit the above field and include the users\groups you would like this policy applied to.
  • If you cannot see the above option right click the PSO and select properties then filter. Make sure the “Show only attributes that have values” is not selected.
  • Add the distinguished name of the user or group you wish this policy to apply to. E.g. CN=Admins,CN=Users,DC=MyCompany,DC=Local

Leave a Reply

Your email address will not be published. Required fields are marked *