Skip to content

Commit 8718b39

Browse files
BRDPMsdwheeler
andauthored
Update New-ADFineGrainedPasswordPolicy.md (#3818)
* Update New-ADFineGrainedPasswordPolicy.md Removing example 3, which is completely incorrect, and adding a disclaimer to Lockout Observation Window. * Update docset/winserver2022-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md Adding suggested review changes Co-authored-by: Sean Wheeler <[email protected]> --------- Co-authored-by: Sean Wheeler <[email protected]>
1 parent b25b824 commit 8718b39

File tree

1 file changed

+4
-7
lines changed

1 file changed

+4
-7
lines changed

docset/winserver2022-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -71,13 +71,6 @@ PS C:\> New-ADFineGrainedPasswordPolicy -Instance $TemplatePSO -Name "AdminsPSO"
7171

7272
This example creates two new fine-grained password policy objects using a template object.
7373

74-
### Example 3: Create a fine-grained password policy with manual account unlock
75-
```powershell
76-
PS C:\> New-ADFineGrainedPasswordPolicy -Name "ManualUnlockPSO" -Precedence 500 -ComplexityEnabled $true -Description "Manual Unlock Password Policy" -DisplayName "Manual Unlock PSO" -LockoutDuration "00:00:00" -LockoutObservationWindow "00:00:00" -LockoutThreshold 3
77-
```
78-
79-
This command creates a fine-grained password policy object named ManualUnlockPSO that would require manual unlock of accounts by the administrator.
80-
8174
## PARAMETERS
8275

8376
### -AuthType
@@ -275,6 +268,10 @@ The LDAP display name (**ldapDisplayName**) of this property is **msDS-lockoutOb
275268
The lockout observation window must be smaller than or equal to the lockout duration for a password policy.
276269
Use the *LockoutDuration* parameter to set the lockout duration time.
277270

271+
> [!NOTE]
272+
> Setting the lockout observation window to 0 effectively means that the window is too short to
273+
> observe more than one password attempt, therefore the account will never be locked out.
274+
278275
Specify the time interval in the following format:
279276

280277
`D:H:M:S.F`

0 commit comments

Comments
 (0)