Re: Password policy

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/01/05 

Date: Fri, 30 Sep 2005 21:52:11 -0700

This is hard to do in general because custom password filters can be
installed that might make it very difficult for you to programmatically
determine if a particular password will be accepted. However, if there is
no custom filter, you can query the domain root object via LDAP to get the
min length and complexity flag settings. The attributes are minPwdLength
and pwdProperties. The enum values for pwdProperties are defined in the
MSDN AD schema docs. I'm not sure if you need more help than that.

Another approach you might consider would be to paramaterize some stuff that
can be set via web.config and let the admin for the app configure that
behavior instead of trying to determine it programmatically. That might be
a lot easier.

Joe K.

"Tom" <Tom@discussions.microsoft.com> wrote in message
news:33F83166-DBA8-489F-B6A7-4BBE3526C935@microsoft.com...
> have collection of web parts on my Share point (WS2003 + SPS2003) site and
> one of these sites contains formula for filling user data (name, login,
> unit,
> and password).
>
> When I save this user data into active directory, filled password is
> verified if is correct and if password matches password policies (One
> upper
> letter, number..), but I have these policies hard coded in my source code.
>
>
>
> But I need to check password policies on dependency of current server
> password policies settings, but I don't know how to do it. I need to
> compare,
> if filled password matches server policies of current server.
>
>
>
> P.S. My source code is written in C#.
>
> Thanks for any comment !!!

Relevant Pages

  • Re: Using GPO to implement Password Policy
    ... you will need at least a separate server. ... Password, Kerberos, and Lockout policy. ... To use password policies you must use them at the domain level. ... I then attempted to then link this GPO to a test OU, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Server Auditing
    ... We have a free tool called DumpWin that does an extensive amount of data gathering on Windows 2000/NT machines including user information, password policies, account lockout policies, etc. ... It's a small exe that runs on the server side, you only need to drop it and execute it. ...
    (Security-Basics)
  • Re: GPO Improvements with server 2008
    ... I would really like to use the new GPOs for domain password policies. ... there are a lot of papers out there stating the improvements of GPOs in Server 2008. ... In order to use the Fine-grained password policies as they are called, you need to have Windows Server 2008 domain functional level which means that all DCs of the domain need to be 2008. ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy Question
    ... >>> Password policies can only be configured at REALM level for the users ... >>> that REALM. ... A realm could be a domain, a single server, a single ... >>> users that belong only to the local server or client ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group Policy Question
    ... MVP Windows Server - Directory Services ... >> It is not possible to configure password policies on an OU for users in a ... >> Password policies can only be configured at REALM level for the users ... >> users that belong only to the local server or client ...
    (microsoft.public.windows.server.active_directory)
Quantcast