diff --git a/sssd_test_framework/roles/generic.py b/sssd_test_framework/roles/generic.py
index bcf0708..873d2ec 100644
--- a/sssd_test_framework/roles/generic.py
+++ b/sssd_test_framework/roles/generic.py
@@ -17,6 +17,7 @@
     "GenericProvider",
     "GenericADProvider",
     "GenericOrganizationalUnit",
+    "GenericPasswordPolicy",
     "GenericUser",
     "GenericGroup",
     "GenericComputer",
@@ -76,6 +77,31 @@ def features(self) -> dict[str, Any]:
     def firewall(self) -> Firewall:
         pass
 
+    @property
+    @abstractmethod
+    def password(self) -> GenericPasswordPolicy:
+        """
+        Domain password policy management.
+
+        .. code-block:: python
+            :caption: Example usage
+
+            @pytest.mark.topology(KnownTopologyGroup.Any)
+            def test_example(client: Client, provider: GenericProvider):
+                # Enable password complexity
+                provider.password.complexity(enable=True)
+
+                # Set 3 login attempts and 30 lockout duration
+                provider.password.lockout(attempts=3, duration=30)
+
+                # Set password length requirement to 12 characters
+                provider.password.requirement(length=12)
+
+                # Set password max age to 30 seconds
+                provider.password.age(maximum=30)
+        """
+        pass
+
     @abstractmethod
     def user(self, name: str) -> GenericUser:
         """
@@ -532,6 +558,17 @@ def expire(self, expiration: str | None = "19700101000000") -> GenericUser:
         """
         pass
 
+    @property
+    @abstractmethod
+    def password_change_at_logon(self) -> GenericUser:
+        """
+        Force user to change password next logon.
+
+        :return: Self.
+        :rtype: GenericUser
+        """
+        pass
+
     @abstractmethod
     def delete(self) -> None:
         """
@@ -1275,3 +1312,61 @@ def policy(self, logon_rights: dict[str, list[Any]], cfg: dict[str, Any] | None
         :rtype: GenericGPO
         """
         pass
+
+
+class GenericPasswordPolicy(ABC, BaseObject):
+    """
+    Password policy management.
+    """
+
+    @abstractmethod
+    def complexity(self, enable: bool) -> GenericPasswordPolicy:
+        """
+        Enable or disable password complexity.
+
+        :param enable: Enable or disable password complexity.
+        :type enable: bool
+        :return: GenericPasswordPolicy object.
+        :rtype: GenericPasswordPolicy
+        """
+        pass
+
+    @abstractmethod
+    def lockout(self, duration: int, attempts: int) -> GenericPasswordPolicy:
+        """
+        Set lockout duration and login attempts.
+
+        :param duration: Duration of lockout in seconds.
+        :type duration: int
+        :param attempts: Number of login attempts.
+        :type attempts: int
+        :return: GenericPasswordPolicy object.
+        :rtype: GenericPasswordPolicy
+        """
+        pass
+
+    @abstractmethod
+    def age(self, minimum: int, maximum: int) -> GenericPasswordPolicy:
+        """
+        Set maximum and minimum password age.
+
+        :param minimum: Minimum password age in seconds.
+        :type minimum: int
+        :param maximum: Maximum password age in seconds.
+        :type maximum: int
+        :return: GenericPasswordPolicy object.
+        :rtype: GenericPasswordPolicy
+        """
+        pass
+
+    @abstractmethod
+    def requirements(self, length: int) -> GenericPasswordPolicy:
+        """
+        Set password requirements, like length.
+
+        :param length: Required password character count.
+        :type length: int
+        :return: GenericPasswordPolicy object.
+        :rtype: GenericPasswordPolicy
+        """
+        pass