How To Check If A PSO Has Been Applied To A User Or Group
In Windows Server 2008 you can implement multiple password policies for users or groups. The effective password policies for a user or group are stored in AD Attributes. You need to use Attribute Editor to check the password policy status. There is an attribute that you need to check.
- Right Click on User or Group > Property.
- Click on Attribute Editor Tab.
- Find the msDS-ResultantPSO attribute.
- If a password policy or PSO applies to a user or group, it will be displayed in the attribute's property with the CN of the PSO.