Create a Password Settings Object

The Windows 2008 feature – Password Settings Object (PSO) allows password settings to be applied to Users or Groups – as opposed to OUs.

Note – the domain functional level must be windows 2008


Step 1 – Create Password Settings Object


  • A PSO is created via adsiedit.msc. Go to start – run – adsiedit.msc
  • Connect to the default naming context

  • Browse to the below folder and create a new password object

Fill out the values as required. See for an explanation of each field.


Step 2 – Assign to Users


The password settings container and password settings object should be visible in Active Directory Users and Computers

  • In Active Directory Users and Computers browse to the password settings container and edit the PSO.

  • Edit the above field and include the users\groups you would like this policy applied to.
  • If you cannot see the above option right click the PSO and select properties then filter. Make sure the “Show only attributes that have values” is not selected.
  • Add the distinguished name of the user or group you wish this policy to apply to. E.g. CN=Admins,CN=Users,DC=MyCompany,DC=Local

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.