{"id":866,"date":"2007-07-31T21:52:32","date_gmt":"2007-07-31T20:52:32","guid":{"rendered":"http:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm"},"modified":"2007-07-31T21:52:32","modified_gmt":"2007-07-31T20:52:32","slug":"fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm","title":{"rendered":"Fine grained password policies for Windows Server 2008 Active Directory Domain Services"},"content":{"rendered":"<p>Another new feature in Windows Server 2008 Active Directory Domain Services is that (at long last) it&#8217;s now possible to apply multiple password policies within a single domain using a new feature called <a href=\"http:\/\/technet2.microsoft.com\/windowsserver2008\/en\/library\/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx?mfr=true\">fine grained password policies<\/a>.  Now PINs can be used for mobile device access and complex passwords for conventional form factor devices without requiring separate domains, third party software or writing a custom password filter DLL.<\/p>\n<p>The fine grained password policies are user and group based (i.e. not per-OU &#8211; in order to avoid extra domain load during login) and multiple policies can be applied; however, the new functionality involves a complex administrative process and there is no GUI yet (although the password settings container can be found if Advanced Features are enabled in Active Directory Users and Computers). Fortunately, <a href=\"http:\/\/www.joeware.net\/freetools\/tools\/psomgr\/\">Joe Richards has written PSOMgr (a command line tool to manage fine grain password policy password settings objects)<\/a> and <a href=\"http:\/\/blogs.chrisse.se\/blogs\/chrisse\/archive\/2007\/07\/14\/fine-grain-password-policy-tool-beta-1-is-ready.aspx\">Christoffer Andersson has a similar tool with MMC\/PowerShell interfaces<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Another new feature in Windows Server 2008 Active Directory Domain Services is that (at long last) it&#8217;s now possible to apply multiple password policies within a single domain using a new feature called fine grained password policies. Now PINs can be used for mobile device access and complex passwords for conventional form factor devices without &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Fine grained password policies for Windows Server 2008 Active Directory Domain Services<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[],"tags":[102,104],"class_list":["post-866","post","type-post","status-publish","format-standard","hentry","tag-active-directory","tag-windows-server-2008"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fine grained password policies for Windows Server 2008 Active Directory Domain Services - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fine grained password policies for Windows Server 2008 Active Directory Domain Services - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"Another new feature in Windows Server 2008 Active Directory Domain Services is that (at long last) it&#8217;s now possible to apply multiple password policies within a single domain using a new feature called fine grained password policies. Now PINs can be used for mobile device access and complex passwords for conventional form factor devices without &hellip; Continue reading Fine grained password policies for Windows Server 2008 Active Directory Domain Services\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2007-07-31T20:52:32+00:00\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"Fine grained password policies for Windows Server 2008 Active Directory Domain Services\",\"datePublished\":\"2007-07-31T20:52:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\"},\"wordCount\":173,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"keywords\":[\"Microsoft Active Directory\",\"Microsoft Windows Server 2008\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\",\"name\":\"Fine grained password policies for Windows Server 2008 Active Directory Domain Services - markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"datePublished\":\"2007-07-31T20:52:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2007\\\/07\\\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fine grained password policies for Windows Server 2008 Active Directory Domain Services\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; \\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fine grained password policies for Windows Server 2008 Active Directory Domain Services - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm","og_locale":"en_GB","og_type":"article","og_title":"Fine grained password policies for Windows Server 2008 Active Directory Domain Services - markwilson.it","og_description":"Another new feature in Windows Server 2008 Active Directory Domain Services is that (at long last) it&#8217;s now possible to apply multiple password policies within a single domain using a new feature called fine grained password policies. Now PINs can be used for mobile device access and complex passwords for conventional form factor devices without &hellip; Continue reading Fine grained password policies for Windows Server 2008 Active Directory Domain Services","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm","og_site_name":"markwilson.it","article_published_time":"2007-07-31T20:52:32+00:00","author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"Fine grained password policies for Windows Server 2008 Active Directory Domain Services","datePublished":"2007-07-31T20:52:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm"},"wordCount":173,"commentCount":1,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"keywords":["Microsoft Active Directory","Microsoft Windows Server 2008"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm","name":"Fine grained password policies for Windows Server 2008 Active Directory Domain Services - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"datePublished":"2007-07-31T20:52:32+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/fine-grained-password-policies-for-windows-server-2008-active-directory-domain-services.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"Fine grained password policies for Windows Server 2008 Active Directory Domain Services"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; \/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":1204,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-2-forest-and-domain-design.htm","url_meta":{"origin":866,"position":0},"title":"Active Directory design considerations: part 2 (forest and domain design)","author":"Mark Wilson","date":"Tuesday 16 September 2008","format":false,"excerpt":"Having set the scene for this series of posts, the first area to examine is Active Directory forest and domain design. Bearing in mind the key principle that requirements should dictate design, and that the solution should be as simple as possible, whenever possible, AD designers should look to consolidate\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":862,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/windows-server-2008-read-only-domain-controllers.htm","url_meta":{"origin":866,"position":1},"title":"Windows Server 2008 read only domain controllers","author":"Mark Wilson","date":"Monday 30 July 2007","format":false,"excerpt":"This is the last post I'm intending to write based on the content from the recent Windows Server UK User Group meeting - this time inspired by Scotty Mc Leod's presentation on read only domain controllers (RODCs), a new feature in Windows Server 2008. In my post from a few\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":966,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/12\/migrating-passwords-with-the-active-directory-migration-tool.htm","url_meta":{"origin":866,"position":2},"title":"Migrating passwords with the Active Directory Migration Tool","author":"Mark Wilson","date":"Friday 21 December 2007","format":false,"excerpt":"I've spent most of this month working with a customer who is consolidating various Active Directory forests into a single domain. We didn't use any third party tools - just the standard Microsoft utilities, i.e. Active Directory Migration Tool (ADMT) v3 and Exchange Migration Wizard (one of the Exchange Server\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1216,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-6-domain-controller-placement.htm","url_meta":{"origin":866,"position":3},"title":"Active Directory design considerations: part 6 (domain controller placement and site design)","author":"Mark Wilson","date":"Tuesday 23 September 2008","format":false,"excerpt":"Continuing the series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, this post discusses the design considerations for placement of Active Directory domain controllers and the associated site links. Domain controller (DC) placement can have a huge impact\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":102,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/troubleshooting-windows-authentication.htm","url_meta":{"origin":866,"position":4},"title":"Troubleshooting Windows authentication with the Microsoft account lockout and management tools","author":"Mark Wilson","date":"Wednesday 18 May 2005","format":false,"excerpt":"A few weeks back I was at a Microsoft TechNet UK event where John Howard demonstrated the free tools provided by Microsoft to troubleshoot and diagnose account lockout and management issues for Windows NT, 2000 and 2003: acctinfo.dll (also included with the Windows Server 2003 resource kit tools) is installed\u2026","rel":"","context":"In \"Microsoft Windows 2000\"","block_context":{"text":"Microsoft Windows 2000","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-2000"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":485,"url":"https:\/\/www.markwilson.co.uk\/blog\/2004\/09\/script-to-disable-password-expiry-for.htm","url_meta":{"origin":866,"position":5},"title":"Script to disable password expiry for local Windows accounts","author":"Mark Wilson","date":"Friday 10 September 2004","format":false,"excerpt":"One of the shortcomings of the net user command in Windows is the inability to set the password never expires flag on an account (account expiry options can be set, but not password expiry and the full syntax is described in Microsoft knowledge base article 251394). There are 13 flags\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=866"}],"version-history":[{"count":1,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/866\/revisions"}],"predecessor-version":[{"id":1599,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/866\/revisions\/1599"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}