Home  Tutorials  Active Directory


How to get the Resultant Password Policy of an Active Directory User (EN)

To get the resultant Password Policy of an Active Directory user, you can use one of the following methods:

Method 1: By using ADSIEdit

You need to:
  • Run ADSIEdit snap-in
  • Connect to your default naming context
  • Locate your user accounts and go to its properties
  • Click on Filter then choose Constructed option

  • Locate msDS-ResultantPSO and it will contain the name of the resultant Password Policy

Method 2 : By using Powershell cmdlet Get-ADUserResultantPasswordPolicy cmdlet

You need to:
  • Run PowerShell
  • Execute the command Get-ADUserResultantPasswordPolicy (Where is your user account sAMAccountName). The DistinguishedName in the output includes the name of the resultant Password Policy

Method 3: By using Dsget user

You need to:
  • Run CMD
  • Execute the command Dsget user -effectivepso (Where is the distinguished name of your user account). The output displays the name of the resultant Password Policy