Instead they use the PSO settings.īecause PSO can be applied to a group, a user can be linked to two PSO. When PSO is applied on some users, there are no longer using password policy from Default Policy Settings GPO. This object contains all password settings that you can find in the Default Domain Policy GPO (password history, complexity, length etc.). ADAC enables to create PSO with graphical interface.Ī Password Settings Object (PSO) is an Active Directory object.
In Windows Server 2012, Microsoft introduces a new GUI to manage Active Directory called ADAC (Active Directory Administrative Center). However in Windows Server 2008, PSO could only be created with PowerShell command. With Windows Server 2008, Microsoft introduces Password Settings Object (PSO) that enables to apply Fine-Grained password policy linked to users or groups object. So only one password policy was possible without do-it-yourself. Before Windows Server 2008, passwords were only managed via the Default Domain Policy GPO.