以编程方式确定 AD 密码策略

Determine AD password policy programmatically(以编程方式确定 AD 密码策略)

问题描述

我一直在使用 System.DirectoryService (ADSI) 类和方法在 Active Directory 中创建和更改用户.

I have been using the System.DirectoryService (ADSI) classes and methods to create and change users in an Active Directory.

最近我们添加了一项功能，允许用户通过系统设置自己的密码.但是，当密码策略集不接受密码时，使用 SetPassword 方法会引发异常.

Recently we added a feature to allow users to set their own password through the system. However, using the SetPassword method throws an exception when the password is not accepted by the Password Policy set.

userEntry.Invoke("SetPassword", new object[] {password});

我的问题是:在尝试使用 SetPassword 方法之前，如何检查密码是否符合密码策略?

My question is: How do I check to see if a password lives up to the password policy, before attempting to use the SetPassword-method?

我在这篇文章中读到，您可以获得密码策略-来自根域节点的设置，但我在哪里可以阅读有关每个属性含义的更多信息?例如，满足复杂性"策略需要哪些字符?

I read in this post that you can get the Password Policy-settings from the root domain node, but where can I read more about what each attribute means? For instance, which characters are required to fullfill the "Complexity" policy?

一旦我知道这一点，我就可以实现我自己的密码检查方法，但由于这是一种容易出错的方法，我宁愿使用内置检查并为用户提供有关其密码错误的适当信息.

Once I know this, I can implement my own password check-method, but as this is an error-prone approach, I would rather use a built-in check and give the user appropriate info on what is wrong with their password.

推荐答案

我的工作中正在开展一个类似的项目.我们正在推出忘记密码的应用程序.我最终只是做了一个 Invoke("SetPassword", "[randomString]") 并保存了 Invoke("ChangePassword","[randomString]","[user提供密码]").ChangePassword 的结果已返回给用户.

I am working on a similar project at my work. We are rolling a forgot password application. I ended up just doing an Invoke("SetPassword", "[randomString]") and saved the random string for the Invoke("ChangePassword","[randomString]","[user supplied pw]"). The result of the ChangePassword was returned to the user.

SetPassword 不检查密码复杂性或历史规则.这与在 AD 中右键单击用户并选择重置密码"相同.ChangePassword 但是，会检查密码历史记录要求.

SetPassword does not check for password complexity or history rules. It is the same as right clicking a user in AD and selecting "Reset Password." ChangePassword however, does check for password history requirements.

这篇关于以编程方式确定 AD 密码策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！