Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can you test if an AD password will meet configured complexity requirements?

In a net 3.5 csharp application I need to know in advance if an AD password will meet configured complexity requirements.
How can you do that?

like image 958
Rodrigo Juarez Avatar asked Jul 12 '10 00:07

Rodrigo Juarez


2 Answers

If you want to fetch the requirements from AD, then the links in @Leniel Macaferi's answer should help.

If you already know the expected requirements and your app is accepting the proposed password as a string, you can make the tests yourself. Some common requirements and ways to calculate them include:

  • Minimum length: it's easy to check the length of the string
  • Complexity: common requirements would be "at least three from this list: lowercase, uppercase, numbers, characters", so you want to create a counter, then use a regex to test if each condition matches and increment the counter for each one. So, for example, your regexes would be like [a-z], [A-Z], [0-9], [~!@#$%^&*()-_\+=<,>\.\?\/]; for each one that matches, add 1 to your counter. If the count at the end is less than your requirements, the password fails. (You could even be extra nice to the user and suggest one of the categories they missed, if you kept boolean variables for the categories they used and didn't use.)
  • Easy guesses: You can create your own equality test to ensure that the user isn't picking a password that matches their username or other banned passwords.
  • Recently-used passwords: Um, this one isn't so easy... you can't really figure it out without help from Active Directory.
like image 188
ewall Avatar answered Oct 12 '22 18:10

ewall


These links may point you in the right track:

Change user password in ADS and check the domain password policy (C#)?

User Management with Active Directory—Managing Passwords for ADAM Users

Determining Domain-Wide Account Policies (this one appears to have what you need)

like image 20
Leniel Maccaferri Avatar answered Oct 12 '22 17:10

Leniel Maccaferri