Question

I'm implementing a plugin architecture to implement an external authentication mechanism for a web site. One of the plugins I plan to provide is an ActiveDirectory plugin. I'd like to implement some of the features of a MembershipProvider, including MinRequiredPasswordLength, but don't want to fully implement or configure an ActiveDirectoryMembershipProvider.

Does anyone know how to query AD and get the minimum required password length? I know that this can be set by GPO and vary by user/computer depending on policies, but I'd like to provide a default based on the domain default instead of an arbitrary number.

[EDIT] The configuration example for an ActiveDirectoryMembershipProvider shows this as being set in the configuration. Is there no way to have this tied to the domain policies?


Solution

The root of the domain has a property called "minPwdLength". There are several other attributes related to password policy (minPwdAge, maxPwdAge, lockoutDuration, etc.).

In a Windows Server 2008 Domain with Fine Grained Password policy this gets more complicated though, since you can have different password policies for different OUs.
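One way to read the domain default described in the answer above, as an added example that is not part of the original answers. It assumes a domain-joined machine and binds with the current process credentials; `DomainPasswordPolicy`, `GetMinRequiredPasswordLength` and `FallbackMinLength` are hypothetical names, and the fallback value is an arbitrary choice. It returns only the domain-wide default and does not take fine-grained password policies into account.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

public static class DomainPasswordPolicy
{
    // Assumed fallback for when the domain cannot be queried; pick your own value.
    private const int FallbackMinLength = 12;

    public static int GetMinRequiredPasswordLength()
    {
        try
        {
            // RootDSE exposes the distinguished name of the current domain's root object.
            string domainDn;
            using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
            {
                domainDn = (string)rootDse.Properties["defaultNamingContext"].Value;
            }

            using (var domainRoot = new DirectoryEntry("LDAP://" + domainDn))
            using (var searcher = new DirectorySearcher(domainRoot))
            {
                // Base scope: read the domain root object itself, not its children.
                searcher.SearchScope = SearchScope.Base;
                searcher.Filter = "(objectClass=*)";
                searcher.PropertiesToLoad.Add("minPwdLength");

                SearchResult result = searcher.FindOne();
                if (result != null && result.Properties.Contains("minPwdLength"))
                {
                    return Convert.ToInt32(result.Properties["minPwdLength"][0]);
                }
            }
        }
        catch (COMException)
        {
            // Domain unreachable or bind failed: use the fallback rather than
            // letting the plugin run with no minimum length at all.
        }
        return FallbackMinLength;
    }

    public static void Main()
    {
        Console.WriteLine("MinRequiredPasswordLength = " + GetMinRequiredPasswordLength());
    }
}
```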

OTHER TIPS

Just a hint: I use DirectorySearcher (System.DirectoryServices) to query the ActiveDirectory. I don't know if there is a way to query what you're looking for...

Hope it helps

Licensed under: CC-BY-SA with attribution