确定AD密码策略编程 [英] Determine AD password policy programmatically
问题描述
我一直在使用 System.DirectoryService (ADSI)类和方法来创建和更改用户在Active Directory中。
I have been using the System.DirectoryService (ADSI) classes and methods to create and change users in an Active Directory.
最近我们增加了一个功能,让用户可以通过系统设置自己的密码。但是,使用 SetPassword 方法抛出时,密码不被接受的密码策略设置例外。
Recently we added a feature to allow users to set their own password through the system. However, using the SetPassword method throws an exception when the password is not accepted by the Password Policy set.
userEntry.Invoke("SetPassword", new object[] {password});
我的问题是:我如何检查,看是否有密码,不辜负密码策略,尝试使用SetPassword-方法之前
My question is: How do I check to see if a password lives up to the password policy, before attempting to use the SetPassword-method?
我读<一href="http://stackoverflow.com/questions/313859/reading-the-local-password-policy-programmatically">this帖子,你可以得到的密码策略设置,从根域节点,但我在哪里可以了解更多关于什么每个属性的意思吗?例如,哪些字符需要fullfill的复杂性的政策?
I read in this post that you can get the Password Policy-settings from the root domain node, but where can I read more about what each attribute means? For instance, which characters are required to fullfill the "Complexity" policy?
有一次,我知道这一点,我可以实现我自己的密码校验方法,但是因为这是一个容易出错的做法,我宁愿使用内置的检查,并就什么是错密码的用户相应的信息
Once I know this, I can implement my own password check-method, but as this is an error-prone approach, I would rather use a built-in check and give the user appropriate info on what is wrong with their password.
推荐答案
我的工作在我工作的一个类似项目。我们正在推出一个忘记密码的应用程序。最后我只是在做一个Invoke(SetPassword,[randomString]),并保存随机字符串调用(的ChangePassword,[randomString],[用户提供的密码])。所述的ChangePassword的结果被返回给用户。
I am working on a similar project at my work. We are rolling a forgot password application. I ended up just doing an Invoke("SetPassword", "[randomString]") and saved the random string for the Invoke("ChangePassword","[randomString]","[user supplied pw]"). The result of the ChangePassword was returned to the user.
SetPassword不检查密码的复杂性和历史规则。这是一样的右键点击用户在公元并选择重设密码。的ChangePassword然而,这检查密码历史要求。
SetPassword does not check for password complexity or history rules. It is the same as right clicking a user in AD and selecting "Reset Password." ChangePassword however, does check for password history requirements.
这篇关于确定AD密码策略编程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
