/GetADPSO

This Python script retrieves and displays fine-grained password policies (FGPPs) applied to users and groups in Active Directory.

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

Introduction

This Python script retrieves and displays fine-grained password policies (FGPPs) applied to users and groups in Active Directory. It also displays details of configured PSO, including attributes such as minimum password length, password complexity, lockout duration, etc.

The script performs the following actions:

  • Displays groups with PSO applied.
  • Displays users with PSO applied.
  • Displays details of PSO configured in Active Directory.

Installation

Prerequisites

  • Python3
  • ldap3
  • python-dateutil
pip install ldap3 python-dateutil
wget https://raw.githubusercontent.com/WiseLife42/GetADPSO/main/GetADPSO.py

Usage

# python3 GetADPSO.py -h

usage: GetADPSO.py [-h] -u USERNAME -p PASSWORD -d DOMAIN

Script to retrieve the msDS-ResultantPSO attribute for all users and groups in Active Directory who have this attribute defined, and show the details of the PSO policies.

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Username for Active Directory
  -p PASSWORD, --password PASSWORD
                        Password for Active Directory
  -d DOMAIN, --domain DOMAIN
                        Domain for Active Directory

Running with a standard account

image

Running with an administrator account

image