我正在创建一个Active Directory 实验室,以Windows Server 2022作为域控制器。
我想使用powershell删除域上密码的复杂性要求。
我确实尝试使用以下命令:
$passwordPolicy = Get-ADDefaultDomainPasswordPolicy
$passwordPolicy.ComplexityEnabled = $false
Set-ADDefaultDomainPasswordPolicy $passwordPolicy
没有错误消息。但复杂性要求仍然存在,如下所示ComplexityEnabled
:
> Get-ADDefaultDomainPasswordPolicy
ComplexityEnabled : True
DistinguishedName : DC=poudlard,DC=wizard
LockoutDuration : 00:30:00
LockoutObservationWindow : 00:30:00
LockoutThreshold : 0
MaxPasswordAge : 42.00:00:00
MinPasswordAge : 00:00:00
MinPasswordLength : 0
objectClass : {domainDNS}
objectGuid : 6f5b0803-0227-4454-899f-28df34343bfa
PasswordHistoryCount : 0
ReversibleEncryptionEnabled : False
我的用户属于Domain admins
:
PS C:\Users\vagrant> whoami /groups
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
=============================================== ================ ============================================ ===============================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias S-1-5-32-554 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NETWORK Well-known group S-1-5-2 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
poudlard\Domain Admins Group S-1-5-21-1683605283-797255120-3757226006-512 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1 Mandatory group, Enabled by default, Enabled group
poudlard\Denied RODC Password Replication Group Alias S-1-5-21-1683605283-797255120-3757226006-572 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\High Mandatory Level Label S-1-16-12288
可能存在什么问题?
嗯,我很愚蠢。
域名为
poudlard.wizard
。可以使用以下命令停用密码复杂性要求。