• Use dsconfig (in interactive or non-interactive mode) or the Administrative Console to create a new pasword policy. The following example demonstrates the process for creating a new policy using dsconfig in non-interactive mode.
    $ bin/dsconfig create-password-policy \ 
      --policy-name "Demo Password Policy" \
      --set "password-attribute:userpassword" \ 
      --set "default-password-storage-scheme:Salted SHA-256" \
      --set "force-change-on-add:true" \
      --set "force-change-on-reset:true" \ 
      --set "password-expiration-warning-interval:2 weeks" \
      --set "max-password-age:90 days" \
      --set "lockout-duration:24 hours" \ 
      --set "lockout-failure-count:3" \ 
      --set "password-change-requires-current-password:true"