Gets the resultant password replication policy for an Active Directory account.
The Get-ADAccountResultantPasswordReplicationPolicy gets the resultant password replication policy for a user, computer or service account on the specified read-only domain controller.
The policy will be one of the following values:
Allow or 1
DenyExplicit or 0
DenyImplicit or 2
Unknown or -1
The Identity parameter specifies the account. You can identify a user, computer, or service account object by its distinguished name (DN), GUID, security identifier (SID) or Security Account Manager (SAM) account name. You can also set the Identity parameter to an account object variable, such as $, or pass an account object through the pipeline to the Identity parameter. For example, you can use the Get-ADUser, Get-ADComputer, Get-ADServiceAccount or Search-ADAccount cmdlets to retrieve an account object and then pass the object through the pipeline to the Get-ADAccountResultantPasswordReplicationPolicy cmdlet.
The DomainController parameter specifies the read-only domain controller. You can identify a domain controller by its IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN, SamAccountName, GUID, SID of the computer object that represents the domain controller. You can also set the DomainController parameter to a domain controller object variable, such as $.
Parameters
-AuthType
Specifies the authentication method to use. Possible values for this parameter include:
Required? false
Position? named
Default value Microsoft.ActiveDirectory.Management.AuthType.Negotiate
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DomainController <ADDomainController>
Specifies a read-only domain controller (RODC). The cmdlet returns the password replication policy of the account for this RODC. You can identify the domain controller by providing one of the following values.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Identity <ADAccount>
Specifies an Active Directory account object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.
Required? true
Position? 1
Default value
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-Partition <String>
Specifies the distinguished name of an Active Directory partition. The distinguished name must be one of the naming contexts on the current directory server. The cmdlet searches this partition to find the object defined by the Identity parameter.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Server <String>
Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory Snapshot instance.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
Syntax
Get-ADAccountResultantPasswordReplicationPolicy [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-DomainController] <ADDomainController> [-Identity] <ADAccount> [-Partition <String>] [-Server <String>] [<CommonParameters>]
This cmdlet does not work with AD LDS.
C:\PS>Get-ADAccountResultantPasswordReplicationPolicy BradSu “TOSSolution-RODC1”
Get the resultant password replication policy on the domain for a given user account.
C:\PS>Get-ADAccountResultantPasswordReplicationPolicy BobKe -DomainController “TOSSolution-RODC1”
Get the resultant password replication policy on a specific domain controller for a given user account.
C:\PS>Get-ADAccountResultantPasswordReplicationPolicy “CN=Seema Karthik,OU=Europe,OU=Sales,OU=UserAccounts,DC=TOSSolution,DC=COM” “TOSSolution-RODC1”
Get the resultant password replication policy on a specific domain controller for a given user account DN.
Get-Command Get-ADAccountResultantPasswordReplicationPolicy
. Get-ADComputer
. Get-ADServiceAccount
. Get-ADUser
. Search-ADAccount