#
# Demo file for Windows Server 2008 (Longhorn) Fine-Grained Password Policies
# Created by Dmitry Sotnikov
# http://dmitrysotnikov.wordpress.com
# Feel free to re-use as long as you reference the original source
#
# Walks through the life cycle of a Password Settings Object (PSO): list,
# inspect, create, link to a group, link to a user, check which policy is
# effective, unlink, and delete. The *-QAD* commands come from the Quest
# ActiveRoles Management Shell for Active Directory, which must be loaded in
# the session before this script is run.
# NOTE(review): fine-grained password policies need the domain to be at the
# Windows Server 2008 functional level or higher, and a PSO applies only to
# users and global security groups, not to OUs.
# NOTE(review): "pso", "PSO2", the COW\Beatles group and user jlennon are not
# created here - presumably they already exist in the demo domain.
#

# Get the list of all password policies in the domain
Get-QADPasswordSettingsObject

# Let's see all settings of a particular policy
Get-QADPasswordSettingsObject pso | Format-List

# Create a new policy, set a few attributes and leave the rest default.
# Only precedence, history length and complexity are set explicitly; minimum
# length, password age and lockout settings take whatever default the cmdlet
# supplies, so check them in the Format-List output below before linking the
# policy to real accounts.
New-QADPasswordSettingsObject -Name BeatlesPolicy -Precedence 5 -PasswordHistoryLength 10 -PasswordComplexityEnabled $true

# See the properties of the new policy
Get-QADPasswordSettingsObject BeatlesPolicy | Format-List

# Link the policy to the COW\Beatles group
Add-QADPasswordSettingsObjectAppliesTo BeatlesPolicy -AppliesTo COW\Beatles

# See where all the policies are linked now
Get-QADPasswordSettingsObject | Format-List Name, AppliesTo

# Check resultant policy for user jlennon (note that the Beatles policy got
# applied via group membership). msDS-ResultantPSO is the attribute that
# reports which PSO is actually in effect for the account, so it is the one to
# audit rather than the list of links.
Get-QADUser jlennon -IncludedProperties Msds-ResultantPSo | Format-Table Name, Msds-ResultantPSo

# Link another policy directly to the user (note that now we are piping in the
# user object - can do it either way!)
Get-QADUser jlennon | Add-QADPasswordSettingsObjectAppliesTo PSO2

# Check the resultant policy and note that the one linked directly won.
# A PSO linked to the user object overrides any PSO inherited through groups;
# the precedence value (lower number wins) only decides between PSOs linked at
# the same level. A weaker policy linked directly to an account therefore
# replaces a stricter group policy for that account.
Get-QADUser jlennon -IncludedProperties Msds-ResultantPSo | Format-Table Name, Msds-ResultantPSo

# Check where the policy is applied
Get-QADPasswordSettingsObject PSO2 | Format-List Name, AppliesTo

# Unlink the policy
Remove-QADPasswordSettingsObjectAppliesTo PSO2 -AppliesTo COW\jlennon

# Resultant policy changed back to the group one
Get-QADUser jlennon -IncludedProperties Msds-ResultantPSo | Format-Table Name, Msds-ResultantPSo

# Remove the policy from the directory.
# Every account that received BeatlesPolicy through COW\Beatles falls back to
# the next applicable PSO or, if there is none, to the domain password policy.
Remove-QADObject BeatlesPolicy