Skip navigation
Menu
End-User Platforms>Windows 7/8

JSI Tip 8294. How can I return the domain password policy attributes?

I have scripted PassPolicy.bat and PassPolicy.vbs to return the following domain's password policy attributes:


minPwdLength
pwdProperties
pwdHistoryLength 
minPwdAge 
maxPwdAge
lockoutThreshold 
lockoutDuration 
LockoutWindow
The syntax for using PassPolicy.bat is:

call PassPolicy minPwdLength pwdProperties pwdHistoryLength minPwdAge maxPwdAge lockoutThreshold lockoutDuration LockoutWindow

where each argument is a call directed environment variable that will contain the value of the policy setting.

NOTE: PassPolicy.bat and PassPolicy.vbs must be located in the same folder.

PassPolicy.bat contains:

@echo off
if \{%8\}==\{\} @echo syntax PassPolicy minPwdLength pwdProperties pwdHistoryLength minPwdAge maxPwdAge lockoutThreshold lockoutDuration LockoutWindow&goto :EOF
for /f "Tokens=1-8" %%a in ('cscript //NOLOGO %~dp0PassPolicy.vbs') do (
 set %1=%%a
 set %2=%%b
 set %3=%%c
 set %4=%%d
 set %5=%%e
 set %6=%%f
 set %7=%%g
 set %8=%%h
)

PassPolicy.vbs contains: 
Option Explicit
Dim objRootDSE, strDNSDomain, objDomain
Dim objMinPWAge, retMinPWAge
Dim objMaxPWAge, retMaxPWAge
Dim objDuration, retDuration
Dim objLockoutWin, retLockoutWin
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objMinPWAge = objDomain.minPwdAge
retMinPWAge = Int8ToSec(objMinPWAge) / (24 * 60 * 60)
Set objMaxPWAge = objDomain.maxPwdAge
retMaxPWAge = Int8ToSec(objMaxPWAge) / (24 * 60 * 60)
Set objDuration = objDomain.lockoutDuration
retDuration = Int8ToSec(objDuration) / (60)
Set objLockoutWin = objDomain.lockoutObservationWindow
retLockoutWin = Int8ToSec(objLockoutWin) / (60)
Wscript.Echo objDomain.minPwdLength & " " & objDomain.pwdProperties & " " & objDomain.pwdHistoryLength & " " & retMinPWAge & " " & retMaxPWAge & " " & objDomain.lockoutThreshold & " " & retDuration & " " & retLockoutWin
' I found the Int8ToSec function on the Web
Function Int8ToSec(objInt8)
' Function to convert Integer8 attributes from
' 64-bit numbers to seconds.
  Dim retHigh, retLow
  retHigh = objInt8.HighPart
' Account for error in IADsLargeInteger property methods.
  retLow = objInt8.LowPart
  If retLow

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019