为符合复杂性策略的 AD 用户帐户生成密码 [英] Generate password for AD user account that meets complexity policy

问题描述

我需要自动创建AD 用户.问题是，确保生成的密码符合AD的密码策略.我不知道政策是什么，有没有办法在运行时确定?这是我正在使用的，但您可以看到 length=16 和 4 非字母数字字符 的复杂性是静态的，并且可能并不总是有效.我正在寻找一种从 AD 获取密码策略的方法，以便生成的密码正确.

I need to create AD users automatically. The problem is, making sure the generated password meets the password policy of AD. I don't know what the policy will be, is there a way to determine that at runtime? This is what I'm using but you can see the complexity is static to length=16 and 4 non-alphanumeric chars and might not always work. I am looking for a way to get the password policy from AD so the generated passwords are correct.

UserPrincipal up = new UserPrincipal(oPrincipalContext);                        
                    up.SamAccountName = userId;
                    up.SetPassword(System.Web.Security.Membership.GeneratePassword(16, 4));                        
                    up.Enabled = false;
                    up.ExpirePasswordNow();    
                    up.Save();

推荐答案

这是我正在使用的.我使用 DirectoryEntry/LDAP 获取密码属性，然后使用这些属性来创建密码.

This is what I'm using. I'm getting the password properties using DirectoryEntry/LDAP, then use those to create the password.

DirectoryEntry child = new DirectoryEntry("LDAP://machine/DC=domain,DC=com");
int minPwdLength = (int)child.Properties["minPwdLength"].Value;
int pwdProperties = (int)child.Properties["pwdProperties"].Value;

在创建密码时使用属性.

Use the properties when creating the password.

UserPrincipal up = new UserPrincipal(oPrincipalContext);                        
                up.SamAccountName = userId;
                up.SetPassword(System.Web.Security.Membership.GeneratePassword(minPwdLength,
                                   pwdProperties));                        
                up.Enabled = true;
                up.ExpirePasswordNow();    
                up.Save();

这篇关于为符合复杂性策略的 AD 用户帐户生成密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！