Skip to content

Commit ac58739

Browse files
Stacyrch140Stacyrch140
authored
Merge pull request #3876 from MicrosoftDocs/main
Publish main to live, Friday 10:30 AM PST, 09/20
2 parents 32307f7 + 8718b39 commit ac58739

File tree

2 files changed

+8
-14
lines changed

2 files changed

+8
-14
lines changed

docset/winserver2022-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md

+4-7
Original file line numberDiff line numberDiff line change
@@ -71,13 +71,6 @@ PS C:\> New-ADFineGrainedPasswordPolicy -Instance $TemplatePSO -Name "AdminsPSO"
7171

7272
This example creates two new fine-grained password policy objects using a template object.
7373

74-
### Example 3: Create a fine-grained password policy with manual account unlock
75-
```powershell
76-
PS C:\> New-ADFineGrainedPasswordPolicy -Name "ManualUnlockPSO" -Precedence 500 -ComplexityEnabled $true -Description "Manual Unlock Password Policy" -DisplayName "Manual Unlock PSO" -LockoutDuration "00:00:00" -LockoutObservationWindow "00:00:00" -LockoutThreshold 3
77-
```
78-
79-
This command creates a fine-grained password policy object named ManualUnlockPSO that would require manual unlock of accounts by the administrator.
80-
8174
## PARAMETERS
8275

8376
### -AuthType
@@ -275,6 +268,10 @@ The LDAP display name (**ldapDisplayName**) of this property is **msDS-lockoutOb
275268
The lockout observation window must be smaller than or equal to the lockout duration for a password policy.
276269
Use the *LockoutDuration* parameter to set the lockout duration time.
277270

271+
> [!NOTE]
272+
> Setting the lockout observation window to 0 effectively means that the window is too short to
273+
> observe more than one password attempt, therefore the account will never be locked out.
274+
278275
Specify the time interval in the following format:
279276

280277
`D:H:M:S.F`

docset/winserver2025-ps/activedirectory/New-ADFineGrainedPasswordPolicy.md

+4-7
Original file line numberDiff line numberDiff line change
@@ -71,13 +71,6 @@ PS C:\> New-ADFineGrainedPasswordPolicy -Instance $TemplatePSO -Name "AdminsPSO"
7171

7272
This example creates two new fine-grained password policy objects using a template object.
7373

74-
### Example 3: Create a fine-grained password policy with manual account unlock
75-
```powershell
76-
PS C:\> New-ADFineGrainedPasswordPolicy -Name "ManualUnlockPSO" -Precedence 500 -ComplexityEnabled $true -Description "Manual Unlock Password Policy" -DisplayName "Manual Unlock PSO" -LockoutDuration "00:00:00" -LockoutObservationWindow "00:00:00" -LockoutThreshold 3
77-
```
78-
79-
This command creates a fine-grained password policy object named ManualUnlockPSO that would require manual unlock of accounts by the administrator.
80-
8174
## PARAMETERS
8275

8376
### -AuthType
@@ -275,6 +268,10 @@ The LDAP display name (**ldapDisplayName**) of this property is **msDS-lockoutOb
275268
The lockout observation window must be smaller than or equal to the lockout duration for a password policy.
276269
Use the *LockoutDuration* parameter to set the lockout duration time.
277270

271+
> [!NOTE]
272+
> Setting the lockout observation window to 0 effectively means that the window is too short to
273+
> observe more than one password attempt, therefore the account will never be locked out.
274+
278275
Specify the time interval in the following format:
279276

280277
`D:H:M:S.F`

0 commit comments

Comments
 (0)