34 lines
1.5 KiB
PowerShell
34 lines
1.5 KiB
PowerShell
#Requires -Modules 'ActiveDirectory'
|
|
Param(
|
|
[Parameter(Mandatory)]
|
|
[hashtable]$Parameter
|
|
)
|
|
|
|
# Only executed on primary or standalone Domain Controller
|
|
If (@('primary','standalone') -contains $Parameter['deployment.type']) {
|
|
$GetContentSplat = @{
|
|
Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".yml")
|
|
Raw = $True
|
|
}
|
|
$RawContent = Get-Content @GetContentSplat
|
|
$ConvertFromYamlSplat = @{
|
|
Yaml = $RawContent
|
|
AllDocuments = $True
|
|
}
|
|
$Policy = ConvertFrom-Yaml @ConvertFromYamlSplat
|
|
|
|
$SetADDefaultDomainPasswordPolicySplat = @{
|
|
Identity = $Parameter['addsconfig.domainname']
|
|
ComplexityEnabled = [Convert]::ToBoolean($Policy.Password.RequireComplexity)
|
|
LockoutThreshold = [uint32]$Policy.Account.Lockout.Threshold
|
|
# LockoutDuration = [timespan]$Policy.Account.Lockout.Duration
|
|
# LockoutObservationWindow = [timespan]$Policy.Account.Lockout.ObservationWindow
|
|
MaxPasswordAge = [timespan]$Policy.Password.Age.Maximum
|
|
MinPasswordAge = [timespan]$Policy.Password.Age.Minimum
|
|
MinPasswordLength = [uint32]$Policy.Password.Length.Minimum
|
|
PasswordHistoryCount = [uint32]$Policy.Password.History
|
|
ReversibleEncryptionEnabled = [Convert]::ToBoolean($Policy.Password.ReversibleEncryption)
|
|
Confirm = $False
|
|
}
|
|
Set-ADDefaultDomainPasswordPolicy @SetADDefaultDomainPasswordPolicySplat
|
|
} |