Re: Regex for default AD policy?



Well, I came up with the following, which seems to do it (minus Unicode
characters). I'm not too happy with it given I had to account for all 24
different possible 3-way combinations of the 4 categories.

..*(([a-z]+)([A-Z]+)([0-9]+)|([a-z]+)([0-9]+)([A-Z]+)|([a-z]+)([A-Z]+)([^A-Za-z0-9]+)|([a-z]+)([^A-Za-z0-9]+)([A-Z]+)|([a-z]+)([0-9]+)([^A-Za-z0-9]+)|([a-z]+)([^A-Za-z0-9]+)([0-9]+)|([A-Z]+)([a-z]+)([0-9]+)|([A-Z]+)([0-9]+)([a-z]+)|([A-Z]+)([a-z]+)([^A-Za-z0-9]+)|([A-Z]+)([^A-Za-z0-9]+)([a-z]+)|([A-Z]+)([0-9]+)([^A-Za-z0-9]+)|([A-Z]+)([^A-Za-z0-9]+)([0-9]+)|([0-9]+)([A-Z]+)([a-z]+)|([0-9]+)([a-z]+)([A-Z]+)|([0-9]+)([A-Z]+)([^A-Za-z0-9]+)|([0-9]+)([^A-Za-z0-9]+)([A-Z]+)|([0-9]+)([a-z]+)([^A-Za-z0-9]+)|([0-9]+)([^A-Za-z0-9]+)([a-z]+)|([^A-Za-z0-9]+)([A-Z]+)([0-9]+)|([^A-Za-z0-9]+)([0-9]+)([A-Z]+)|([^A-Za-z0-9]+)([a-z]+)([A-Z]+)|([^A-Za-z0-9]+)([A-Z]+)([a-z]+)|([^A-Za-z0-9]+)([0-9]+)([a-z]+)|([^A-Za-z0-9]+)([a-z]+)([0-9]+)).*

Only thing missing is requiring a minimum length, but I don't see how one
could do that after matching.

"Michael D'Angelo" <nospamnmdange@xxxxxxxxxxxxxxx> wrote in message
news:uxcrWS0rGHA.4296@xxxxxxxxxxxxxxxxxxxxxxx
I'm not too familiar with writing regexes. Does anyone have a regex handy
that mirrors the default complexity requirements for AD? I know there are
a few additional reasons a password change could fail, but I'm hoping to
at least save the trouble of trying to change the password for some of the
time. (This is for an ASP.NET site using a modified AD
MembershipProvider).

The requirements MS describes are:
The password contains characters from at least three of the following five
categories:
- English uppercase characters (A - Z)
- English lowercase characters (a - z)
- Base 10 digits (0 - 9)
- Non-alphanumeric (For example: !, $, #, or %)
- Unicode characters

I could probably write a regex to require any particular one, but I don't
know how to do the "at least three of the following five categories".