1. | Log
on to a domain controller (DC) or a member computer that has Windows
Server 2008 Remote Server Administration Tools (RSAT) installed.
|
2. | Click Start, click Run, type adsiedit.msc, and then click OK.
|
3. | In the ADSI Edit snap-in, right-click ADSI Edit and then click Connect to.
|
4. | On the Connection Settings window, shown in Figure 1,
in the Name field type the fully qualified domain name (FQDN) of the
domain in which you want to create the password settings object (PSO),
ensure Default naming context is selected in the Select a well known
Naming Context field, and then click OK.
|
5. | In the console tree, expand the domain node; then expand DC=domainname, where domainname is the name of your domain.
|
6. | Expand CN=System.
|
7. | In the console tree, right-click the CN=Password Settings Container node, select New, and then click Object.
|
8. | On the Create Object window, shown in Figure 2, click Next.
|
9. | For the cn attribute, shown in Figure 3, type a name for the PSO in the Value field to set a Common-Name for the PSO; click Next.
|
10. | For the msDS-PasswordSettingsPrecedence attribute, shown in Figure 4, type a value for the precedence in the Value field to set a password settings precedence for the PSO. Then click Next.
|
11. | For the msDS-PasswordReversibleEncryptionEnabled attribute, shown in Figure 5, type TRUE in the Value field to enable store password using reversible encryption or type FALSE in the Value field to disable store password using reversible encryption. Then click Next.
|
12. | For the msDS-PasswordHistoryLength attribute, shown in Figure 6, type a value for the password history length in the Value field and click Next.
|
13. | For the msDS-PasswordComplexityEnabled attribute, shown in Figure 7, type TRUE in the Value field to enable password complexity or type FALSE in the Value field to disable password complexity; then click Next.
|
14. | For the msDS-MinimumPasswordLength attribute, shown in Figure 8, type a value for the minimum password length in the Value field and click Next.
|
15. | For the msDS-MinimumPasswordAge attribute, shown in Figure 9, type a value for the minimum password age in the Value field. Then click Next.
|
16. | For the msDS-MaximumPasswordAge attribute, shown in Figure 10, type a value for the maximum password age in the Value field and click Next.
|
17. | For the msDS-LockoutThreshold attribute, shown in Figure 11, type a value for the lockout threshold in the Value field; then click Next.
|
18. | For the msDS-LockoutObservationWindow attribute, shown in Figure 12, type a value for the observation window for lockout of user accounts in the Value field and click Next.
|
19. | For the msDS-LockoutDuration attribute, shown in Figure 13, type a value for the duration of the lockout of user accounts in the Value field; then click Next.
|
20. | On the Create Object window, shown in Figure 14, click Finish to create the PSO.
|