我正在创建一个Active Directory 实验室,以Windows Server 2022作为域控制器

我想使用powershell删除域上密码的复杂性要求

我确实尝试使用以下命令:

$passwordPolicy = Get-ADDefaultDomainPasswordPolicy
$passwordPolicy.ComplexityEnabled = $false
Set-ADDefaultDomainPasswordPolicy $passwordPolicy

没有错误消息。但复杂性要求仍然存在,如下所示ComplexityEnabled

> Get-ADDefaultDomainPasswordPolicy


ComplexityEnabled           : True
DistinguishedName           : DC=poudlard,DC=wizard
LockoutDuration             : 00:30:00
LockoutObservationWindow    : 00:30:00
LockoutThreshold            : 0
MaxPasswordAge              : 42.00:00:00
MinPasswordAge              : 00:00:00
MinPasswordLength           : 0
objectClass                 : {domainDNS}
objectGuid                  : 6f5b0803-0227-4454-899f-28df34343bfa
PasswordHistoryCount        : 0
ReversibleEncryptionEnabled : False

我的用户属于Domain admins

PS C:\Users\vagrant> whoami /groups

GROUP INFORMATION
-----------------

Group Name                                      Type             SID                                          Attributes
=============================================== ================ ============================================ ===============================================================
Everyone                                        Well-known group S-1-1-0                                      Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                          Alias            S-1-5-32-544                                 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                                   Alias            S-1-5-32-545                                 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access      Alias            S-1-5-32-554                                 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NETWORK                            Well-known group S-1-5-2                                      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users                Well-known group S-1-5-11                                     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization                  Well-known group S-1-5-15                                     Mandatory group, Enabled by default, Enabled group
poudlard\Domain Admins                          Group            S-1-5-21-1683605283-797255120-3757226006-512 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity      Well-known group S-1-18-1                                     Mandatory group, Enabled by default, Enabled group
poudlard\Denied RODC Password Replication Group Alias            S-1-5-21-1683605283-797255120-3757226006-572 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\High Mandatory Level            Label            S-1-16-12288

可能存在什么问题?

2

  • 1
    当您使用该命令时会发生什么:Set-ADDefaultDomainPasswordPolicy -ComplexityEnabled $false


    – 


  • @GregAskew,它有效。它只需要 -Identity 参数。就像-Identity "DC=poudlard,DC=wizard"。我现在感觉自己很蠢。很抱歉浪费了你的时间


    – 



最佳答案
1

嗯,我很愚蠢。

域名为poudlard.wizard。可以使用以下命令停用密码复杂性要求。

Set-ADDefaultDomainPasswordPolicy -Identity "DC=poudlard,DC=wizard" -ComplexityEnabled $false