Recently I have had to troubleshoot quite a bit of SQL login issues and often times the issue was with the users active directory user account.
I was aware the my organization has security policies that includes among other things, active directory password policy. Of course there is also SQL Server user security policy, which I know by heart.
To better support my users, I thought it would be a good idea to familiarize myself with the active directory password policy that is in effect. Now, there is a document that outlines the policy, I want to get what is actually implemented.
Here, I am using powershell to get the password policy values.
You will need to have the ActiveDirectory PowerShell module installed for the following cmdlets to work.
Get-ADUserResultantPasswordPolicy -Identity aduser1
That returned nothing in my case. That most likely implies that the password policy is not assigned per user basis.
So now I am going to check what is the default password policy in the domain.
Get-ADDefaultDomainPasswordPolicy
Edited Results:
ComplexityEnabled : True
DistinguishedName : DC=internal,DC=external,DC=org
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 6
MaxPasswordAge : 90.00:00:00
MinPasswordAge : 1.00:00:00
MinPasswordLength : 8
objectClass : {domainDNS}
objectGuid : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PasswordHistoryCount : 8
ReversibleEncryptionEnabled : False
if you are curious what all these values mean, please see the below MS document: