Assigning password policies to your AWS Managed Microsoft AD users - AWS Directory Service

Assigning password policies to your AWS Managed Microsoft AD users

User accounts that are a member of the AWS Delegated Fine Grained Password Policy Administrators security group can use the following procedure to assign policies to users and security groups.

To assign password policies to your users
  1. Launch Active Directory administrative center (ADAC) from any managed EC2 instance that you joined to your AWS Managed Microsoft AD domain.

  2. Switch to the Tree View and navigate to System\Password Settings Container.

  3. Double click on the fine-grained policy you want to edit. Click Add to edit the policy properties, and add users or security groups to the policy. For more information about the default fine-grained policies provided with AWS Managed Microsoft AD, see AWS pre-defined password policies.

  4. To verify the password policy has been applied, run the following PowerShell command:

    Get-ADUserResultantPasswordPolicy -Identity 'username'
Note

Avoid using the net user command as its results could be inaccurate.

If you do not configure any of the five password policies in your AWS Managed Microsoft AD directory, Active Directory uses the default domain group policy. For additional details on using Password Settings Container, see this Microsoft blog post.