为符合复杂性策略的 AD 用户帐户生成密码 [英] Generate password for AD user account that meets complexity policy
问题描述
我需要自动创建AD
用户.问题是,确保生成的密码符合AD
的密码策略.我不知道政策是什么,有没有办法在运行时确定?这是我正在使用的,但您可以看到 length=16
和 4 非字母数字字符
的复杂性是静态的,并且可能并不总是有效.我正在寻找一种从 AD
获取密码策略的方法,以便生成的密码正确.
I need to create AD
users automatically. The problem is, making sure the generated password meets the password policy of AD
. I don't know what the policy will be, is there a way to determine that at runtime? This is what I'm using but you can see the complexity is static to length=16
and 4 non-alphanumeric chars
and might not always work. I am looking for a way to get the password policy from AD
so the generated passwords are correct.
UserPrincipal up = new UserPrincipal(oPrincipalContext);
up.SamAccountName = userId;
up.SetPassword(System.Web.Security.Membership.GeneratePassword(16, 4));
up.Enabled = false;
up.ExpirePasswordNow();
up.Save();
推荐答案
这是我正在使用的.我使用 DirectoryEntry/LDAP
获取密码属性,然后使用这些属性来创建密码.
This is what I'm using. I'm getting the password properties using DirectoryEntry/LDAP
, then use those to create the password.
DirectoryEntry child = new DirectoryEntry("LDAP://machine/DC=domain,DC=com");
int minPwdLength = (int)child.Properties["minPwdLength"].Value;
int pwdProperties = (int)child.Properties["pwdProperties"].Value;
在创建密码时使用属性.
Use the properties when creating the password.
UserPrincipal up = new UserPrincipal(oPrincipalContext);
up.SamAccountName = userId;
up.SetPassword(System.Web.Security.Membership.GeneratePassword(minPwdLength,
pwdProperties));
up.Enabled = true;
up.ExpirePasswordNow();
up.Save();
这篇关于为符合复杂性策略的 AD 用户帐户生成密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!