The Get-PasswordFilterResult cmdlet allows you to programatically test passwords against your password policy.

This cmdlet does not attempt to change the user's password, nor does it contact the domain controller. Use of this cmdlet requires that the group policy for the password filter is configured and applied to the computer you are running the cmdlet on. The password filter does not need to be configured to filter passwords on the local computer, but the policy needs to be in place.

Syntax

Get-PasswordFilterResult -Password <string> -Username <string> -Fullname <string> -IsSetOperation <bool>

Get-PasswordFilterResult -SecurePassword <SecureString> -Username <string> -Fullname <string> -IsSetOperation <bool>

Parameters

Password

Required. The password to test

SecurePassword

Required. The password to test as a SecureString

Username

Required. The username of the user who would be changing their password

Fullname

Required. The full name of the user who would be changing their password

IsSetOperation

Optional. A boolean value indicating whether this should simulate a password set operation. The default value is false if not specified, which indicates that a password change operation should be simulated.

Return value

The cmdlet will return one of the following values

Examples

PS> Get-PasswordFilterResult -Password "password" -Username "test-user" -Fullname "John Test"
Banned

PS> Get-PasswordFilterResult -Password "John" -Username "test-user" -Fullname "John Test"
ContainsFullName

The following example prompts for a password to test

Get-PasswordFilterResult -SecurePassword (Read-Host -Prompt "Enter the password" -AsSecureString) -Username (Read-Host -Prompt "Enter the user's username") -Fullname (Read-Host -Prompt "Enter the user's full name")