AD password policy in Forms auth against AD

From: Nils Magnus Englund (nils.magnus.englund_at_orkfin.no)
Date: 12/17/04 

Date: Fri, 17 Dec 2004 11:47:53 +0100

Hey!

I've successfully followed Microsofts example on how to use Forms
authentication with Active Directory (from the "Building Secure ASP.NET
Applications" How To-section). However, I would very much like to use AD's
password policy features, specifically:

1. I want the user to get a warning e.g. two weeks before his/hers password
expires

2. I want the user to be able to change password (assuming the new password
meets the requirements set by the password policy)

3. If the password has expired, I want the user to still be able to log in,
but forced to change password in order to continue. (If this isn't possible
with AD, I could set the expiration time to a year, and force the user to
change password if there's less than 300 days left, in effect giving the
user two months password expiration with another 300 days before the user is
disabled/blocked).

Any ideas and/or suggestions? This will be used on a portal with several
hundred customers, where all customers will be stored in a AD (in their own
"External users" OU).

Thanks!

Regards,
Nils Magnus Englund