Assign password policies to your users - AWS Directory Service

Assign password policies to your users

User accounts that are members of the AWS Delegated Fine Grained Password Policy Administrators security group can use the following procedure to assign policies to users and security groups.

To assign password policies to your users
  1. Launch Active Directory Administrative Center (ADAC) from any managed EC2 instance that you joined to your AWS Managed Microsoft AD domain.

  2. Switch to the Tree View and navigate to System\Password Settings Container.

  3. Double-click the fine-grained policy you want to edit. Click Add to edit the policy properties, and add users or security groups to the policy. For more information about the default fine-grained policies provided with AWS Managed Microsoft AD, see AWS pre-defined password policies.

  4. To verify the password policy has been applied, run the following PowerShell command:

    Get-ADUserResultantPasswordPolicy -Identity 'username'

Note

Avoid using the net user command as its results could be inaccurate.

If you do not configure any of the five password policies in your AWS Managed Microsoft AD directory, Active Directory uses the default domain group policy. For additional details on using Password Settings Container, see this Microsoft blog post.
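
The procedure above can also be scripted and checked for a whole group at once. The following is an added example, not code from the AWS documentation: it links a security group to a policy and then runs the step 4 check for each direct user member, reporting the default domain policy where no fine-grained policy applies. The policy and group names are placeholders, and it assumes the ActiveDirectory PowerShell module is installed on the domain-joined instance.

```powershell
# Added example (not AWS's code). Assumes the ActiveDirectory module (RSAT) and an
# account in the delegated fine-grained password policy administrators group.
Import-Module ActiveDirectory

$PsoName   = '<fine-grained-policy-name>'   # placeholder: the policy edited in step 3
$GroupName = '<security-group-name>'        # placeholder: the group the policy should cover

# Scripted equivalent of step 3: link the security group to the policy.
Add-ADFineGrainedPasswordPolicySubject -Identity $PsoName -Subjects $GroupName

# Default domain policy, which applies when no fine-grained policy covers a user.
$default = Get-ADDefaultDomainPasswordPolicy

# Step 4, repeated for every direct user member of the group.
$report = Get-ADGroupMember -Identity $GroupName |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        # Returns nothing when no fine-grained policy applies to the user.
        $rp = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        if ($null -eq $rp) {
            [pscustomobject]@{
                User              = $_.SamAccountName
                EffectivePolicy   = 'Default domain policy'
                Precedence        = $null
                MinPasswordLength = $default.MinPasswordLength
                LockoutThreshold  = $default.LockoutThreshold
                AsExpected        = $false
            }
        } else {
            [pscustomobject]@{
                User              = $_.SamAccountName
                EffectivePolicy   = $rp.Name
                Precedence        = $rp.Precedence
                MinPasswordLength = $rp.MinPasswordLength
                LockoutThreshold  = $rp.LockoutThreshold
                AsExpected        = ($rp.Name -eq $PsoName)
            }
        }
    }

# Users whose effective policy is not the one just assigned sort to the top.
$report | Sort-Object AsExpected, User | Format-Table -AutoSize
```

A row with AsExpected set to False and a different policy name means another fine-grained policy wins for that user, either because it is linked to the user directly or because it has a lower precedence value.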