Hi
In a net 3.5 csharp application I need to know in advance if an AD password will meet configured complexity requirements. How can you do that?
TIA
views:
53answers:
2
+2
A:
These links may point you in the right track:
Change user password in ADS and check the domain password policy (C#)?
User Management with Active Directory—Managing Passwords for ADAM Users
Determining Domain-Wide Account Policies (this one appears to have what you need)
Leniel Macaferi
2010-07-12 00:56:56
+1
A:
If you want to fetch the requirements from AD, then the links in @Leniel Macaferi's answer should help.
If you already know the expected requirements and your app is accepting the proposed password as a string, you can make the tests yourself. Some common requirements and ways to calculate them include:
- Minimum length: it's easy to check the length of the string
- Complexity: common requirements would be "at least three from this list: lowercase, uppercase, numbers, characters", so you want to create a counter, then use a regex to test if each condition matches and increment the counter for each one. So, for example, your regexes would be like
[a-z],[A-Z],[0-9],[~!@#$%^&*()-_\+=<,>\.\?\/]; for each one that matches, add 1 to your counter. If the count at the end is less than your requirements, the password fails. (You could even be extra nice to the user and suggest one of the categories they missed, if you kept boolean variables for the categories they used and didn't use.) - Easy guesses: You can create your own equality test to ensure that the user isn't picking a password that matches their username or other banned passwords.
- Recently-used passwords: Um, this one isn't so easy... you can't really figure it out without help from Active Directory.
ewall
2010-07-12 04:08:28