Assign password policies to your users - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Assign password policies to your users

User accounts that are a member of the Amazon Delegated Fine Grained Password Policy Administrators security group can use the following procedure to assign policies to users and security groups.

To assign password policies to your users
  1. Launch Active Directory administrative center (ADAC) from any managed EC2 instance that you joined to your Amazon Managed Microsoft AD domain.

  2. Switch to the Tree View and navigate to System\Password Settings Container.

  3. Double click on the fine-grained policy you want to edit. Click Add to edit the policy properties, and add users or security groups to the policy. For more information about the default fine-grained policies provided with Amazon Managed Microsoft AD, see Amazon pre-defined password policies.

  4. To verify the password policy has been applied, run the following PowerShell command:

    Get-ADUserResultantPasswordPolicy -Identity 'username'

Avoid using the net user command as its results could be inaccurate.

If you do not configure any of the five password policies in your Amazon Managed Microsoft AD directory, Active Directory uses the default domain group policy. For additional details on using Password Settings Container, see this Microsoft blog post.