Re: NetUserGetGroups inside passfilt.dll

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 05/31/05 

Date: Mon, 30 May 2005 20:58:40 -0400

The NET* API calls lock up when you are in the middle PasswordFilter, use LDAP
calls instead.

    joe 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Robert N Myhre wrote:
> Hello,
> 
>   I am working on a customized passfilt.dll and I want to be able to check 
> the user groups of the passed in AccountName.  I implemented the function to 
> call NetUserGetGroups successfully within a console app, but when I move the 
> code inside the passfilt.dll, a call to change the password locks up.
> 
>   I am beginning to think it is a security context issue.  What do I need to 
> do to get the NetUserGetGroups call to work within the passfilt.dll?
> 
> Thanks

Relevant Pages

  • Re: LDAP attribute masking
    ... Use two attributes, one attribute has full id, the other has partial and then lock down who can see full ID. ... Joe Richards Microsoft MVP Windows Server Directory Services ... I know i can do it within the app but the problem i have is if they were to use vbscript or Dsquery on there local machines to query ldap then they would be able to see the entire id. ... I would like to know if there is a way to mask an attribute in AD so that when non administrators query AD it only returns n number of digits. ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDAP attribute masking
    ... isn't a good idea to lock down attribs in AD this way. ... Joe Richards Microsoft MVP Windows Server Directory Services ... personnel will be able to query AD for a users employee id in order ... AD it only returns n number of digits. ...
    (microsoft.public.windows.server.active_directory)