I have a frontend which allows the user to change its AD password.
Is there a way to get the password policy (for example fine-grained) for a specific user and its properties (length, complexity...)?
Is there a way to check the string "xyz121" against this specific policy?
EDIT: I don't want to check against the current password stored in Active Directory. I want to check if the new password could be saved into Active Directory. For example: the user types in his NEW password "xyz121" and wants to change it, but Active Directory only allows passwords with at least 8 chars.
Yes, you can check the Last Password Changed information for a user account in AD. The information for the last password changed is stored in an attribute called “PwdLastSet”. You can check the value of “PwdLastSet” using the Microsoft “ADSI Edit” tool.
Right click on the domain and select properties. Select the Group Policy tab. Select the domain group policy object and select Edit. Expand the 'Computer Configuration' branch - 'Windows Settings' - 'Security Settings' - 'Account Policies' - 'Password Policy'
To confirm which fine-grained policy is applied to a user, search for them in the Global Search in the Active Directory Administrative Center then choose 'view resultant password settings' from the tasks menu.
Trailing through SO and google came up with this - http://blogs.msdn.com/b/david_leblanc/archive/2007/10/11/checking-password-complexity.aspx
Started from this SO post - Determine AD password policy programmatically
Which led to this SO answer - https://stackoverflow.com/a/10549823/416574
which led to that above blog post. Hope that helps.
(Feel free to not upvote, this just seemed like too much text for a comment, but really no work here but googling).
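A pre-check along the lines asked for in the question, as an added example that is not from any of the posts above: it reads the user's resultant fine-grained policy with the ActiveDirectory module, falls back to the domain default, and applies the documented length and complexity rules. The function name `Test-CandidatePassword` and the account `jdoe` are hypothetical, and it assumes the calling account is allowed to read the user's resultant password settings object.

```powershell
Import-Module ActiveDirectory   # RSAT ActiveDirectory module

function Test-CandidatePassword {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $Candidate
    )
    $user = Get-ADUser -Identity $Identity -Properties DisplayName

    # Winning fine-grained policy (PSO) for this user; $null when none applies.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $user
    if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }

    $problems = @()
    if ($Candidate.Length -lt $policy.MinPasswordLength) {
        $problems += "Shorter than $($policy.MinPasswordLength) characters"
    }
    if ($policy.ComplexityEnabled) {
        # -cmatch is required: case-insensitive -match lets \p{Lu} hit lowercase.
        $classes = 0
        if ($Candidate -cmatch '\p{Lu}') { $classes++ }   # uppercase
        if ($Candidate -cmatch '\p{Ll}') { $classes++ }   # lowercase
        if ($Candidate -cmatch '[0-9]')  { $classes++ }   # base-10 digits
        if ($Candidate -cmatch '[~!@#$%^&*_\-+=`|\\(){}\[\]:;"''<>,.?/]') { $classes++ }
        if ($Candidate -cmatch '\p{Lo}') { $classes++ }   # caseless letters
        if ($classes -lt 3) {
            $problems += "Uses $classes of 5 character categories, 3 required"
        }
        # Account name, and display-name tokens of 3+ chars, must not appear.
        $tokens = @($user.SamAccountName)
        if ($user.DisplayName) { $tokens += $user.DisplayName -split '[,.\-_ #\t]' }
        foreach ($t in $tokens) {
            $hit = $Candidate.IndexOf($t, [StringComparison]::OrdinalIgnoreCase)
            if ($t.Length -ge 3 -and $hit -ge 0) {
                $problems += "Contains part of the account or display name"
                break
            }
        }
    }
    [pscustomobject]@{
        PolicySource = $policy.DistinguishedName
        MinLength    = $policy.MinPasswordLength
        Complexity   = $policy.ComplexityEnabled
        Acceptable   = ($problems.Count -eq 0)
        Problems     = $problems
    }
}
# Constructed usage: Test-CandidatePassword -Identity jdoe -Candidate 'xyz121'
```

Password history, minimum password age and any custom password filter installed on the domain controllers cannot be evaluated from the new string alone, so the frontend should still handle a rejection from the actual change operation.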