Automatically building a Microsoft BI machine using PowerShell – Password policy (post #8)

This post is #8 in the series to automatically build a Microsoft BI machine using PowerShell – see the start of series.

In this series so far:

Start of series – introduction and layout of subjects Post #2 – Preparation: install files using Azure disk Post #3 – Preparation: install files using Azure File Service Post #4 –Preparation: logging infrastructure Post #5 – Master script Post #6 – Disabling Internet Explorer Enhanced Security Configuration Post #7 – Active Directory setup

In this step we will configure a very permissive password policy. This of course requires that the previous step (setting up Active Directory) has successfully completed. The password policy set using this script is only suitable for demo environments since it is very, very (did I say very?) permissive; it sets a minimal password length of 0, does not record any history of passwords (you can re-use your password again and again), passwords never expire and do not have to follow complexity rules. So, even an empty password is allowed (although not recommended since your Windows services will then not start). However, having ‘1234’ as password would work perfectly under this policy (and no, this is not the password I use for my demo machines).

Function ConfigurePasswordPolicy {
        [Parameter(Mandatory=$true,HelpMessage="Domain name required, please specify in format yyy.zzz")]
    Write-Log -Verbose  "Step 3: Configure Password Policy"
   try {
    Set-ADDefaultDomainPasswordPolicy -Identity $DomainName -MinPasswordLength:0 -PasswordHistoryCount:0 -MaxPasswordAge:0 -MinPasswordAge:0 -ComplexityEnabled:$false
    Write-Log -Verbose  "Password Policy Configured"
    if ($global:DoAllTasks) {
        Set-Restart-AndResume $global:script "5"
    catch {
    Write-Log -Verbose  "Failed to configure Password Policy. Error: $_.Exception.Message"


Next step: installing System Center Endpoint protection