Packer.Images/scripts/ADDS/payload/scripts/13.Default Domain Password Policy.ps1

#Requires -Modules 'ActiveDirectory'
Param(
    [Parameter(Mandatory)]
    [hashtable]$Parameter
)

# Only executed on primary or standalone Domain Controller
If (@('primary','standalone') -contains $Parameter['deployment.type']) {
    $GetContentSplat = @{
        Path = "$($PSScriptRoot)\$($MyInvocation.MyCommand)".Replace('.ps1', ".yml")
        Raw  = $True
    }
    $RawContent = Get-Content @GetContentSplat
    $ConvertFromYamlSplat = @{
        Yaml         = $RawContent
        AllDocuments = $True
    }
    $Policy = ConvertFrom-Yaml @ConvertFromYamlSplat

    $SetADDefaultDomainPasswordPolicySplat = @{
        Identity                    = $Parameter['addsconfig.domainname']
        ComplexityEnabled           = [Convert]::ToBoolean($Policy.Password.RequireComplexity)
        LockoutThreshold            = [uint32]$Policy.Account.Lockout.Threshold
        # LockoutDuration             = [timespan]$Policy.Account.Lockout.Duration
        # LockoutObservationWindow    = [timespan]$Policy.Account.Lockout.ObservationWindow
        MaxPasswordAge              = [timespan]$Policy.Password.Age.Maximum
        MinPasswordAge              = [timespan]$Policy.Password.Age.Minimum
        MinPasswordLength           = [uint32]$Policy.Password.Length.Minimum
        PasswordHistoryCount        = [uint32]$Policy.Password.History
        ReversibleEncryptionEnabled = [Convert]::ToBoolean($Policy.Password.ReversibleEncryption)
        Confirm                     = $False
    }
    Set-ADDefaultDomainPasswordPolicy @SetADDefaultDomainPasswordPolicySplat
}