Programmatically reading of Password Policy info

Assuming that I need to know programmatically (VS C#) a User's, or Domain's, Password Policy parameters:
1) MinPasswordLength
2) PasswordHistoryLength
3) PasswordAttribute - COMPLEX
so far I’ve found a way to get the parameters 1) and 2), but not 3).
Here and there, though, parameter 3) is mentioned as a legitimate element of the Active Directory schema, but I haven’t found a way to actually read it. Reason may be that, as stated on the document “Provider Support of ADSI Interfaces”, section “Provider Support for IADsDomain”, this property PasswordAttributes is declared not supported by either the LDAP or the WinNT provider. And I do not know if there is some other way (C#-compatible) to get this information.
Any comments/help/support on the subject is welcome. Yours,
Pietro Moras
Nov 16 '05 #1
Pietro,

You might want to ask at the following yahoo group, they answered all my AD
questions...

http://groups.yahoo.com/group/ADSIANDDirectoryServices/

Ollie

"Studio P.M." <Studio P.M.@discussions.microsoft.com> wrote in message
news:BB**********************************@microsoft.com...
Assuming that I need to know programmatically (VS C#) a User's, or Domain's, Password Policy parameters:
1) MinPasswordLength
2) PasswordHistoryLength
3) PasswordAttribute - COMPLEX
so far I've found a way to get the parameters 1) and 2), but not 3).
Here and there, though, parameter 3) is mentioned as a legitimate element of the Active Directory schema, but I haven't found a way to actually read
it. Reason may be that, as stated on the document "Provider Support of ADSI
Interfaces", section "Provider Support for IADsDomain", this property
PasswordAttributes is declared not supported by either the LDAP or the
WinNT provider. And I do not know if there is some other way (C#-compatible) to
get this information.
Any comments/help/support on the subject is welcome. Yours,
Pietro Moras

Nov 16 '05 #2
3. You can read the pwd properties by binding to the root of the domain tree
and retrieve the pwdProperties.
pwdProperties is an int, the LSB is used for DOMAIN_PASSWORD_COMPLEX

// requires: using System; using System.DirectoryServices;
// check the platform SDK doc's for other bitflags
const int DOMAIN_PASSWORD_COMPLEX = 0x000001;

using (DirectoryEntry domain = new DirectoryEntry(
    "LDAP://Domain/DC=....,DC=.....,DC=....",
    "domain\\account", "pwd"))
{
    int pwdProps = (int)domain.Properties["pwdProperties"].Value;
    Console.WriteLine(pwdProps);
}

Willy.

"Studio P.M." <Studio P.M.@discussions.microsoft.com> wrote in message
news:BB**********************************@microsoft.com...
Assuming that I need to know programmatically (VS C#) a User's, or
Domain's, Password Policy parameters:
1) MinPasswordLength
2) PasswordHistoryLength
3) PasswordAttribute - COMPLEX
so far I've found a way to get the parameters 1) and 2), but not 3).
Here and there, though, parameter 3) is mentioned as a legitimate element
of the Active Directory schema, but I haven't found a way to actually read
it. Reason may be that, as stated on the document "Provider Support of
ADSI Interfaces", section "Provider Support for IADsDomain", this property
PasswordAttributes is declared not supported by either the LDAP or the
WinNT provider. And I do not know if there is some other way (C#-compatible) to
get this information.
Any comments/help/support on the subject is welcome. Yours,
Pietro Moras

Nov 16 '05 #3
Pietro,

Q1. Well, the pwdProperties is only exposed by the LDAP provider (on W2K and
higher domains).
Furthermore, I strongly suggest you use LDAP in a W2K/W2K3 AD domain
environment and use the WinNT provider ONLY to access NT4 domains and
memberserver/workstation.

Q2. //Domain is a placeholder, it can contain the IP address of the domain
controller, the DNS name of the DC or the Windows DOMAIN name.
- domain\account and pwd denotes the binding user's credentials (domain user
id and password), note that these are the credentials used to access the AD
service objects.

- dc=.., dc=..., specifies the distinguished name of the domain to bind to.
Ex. dc=microsoft, dc=com.

The distinguished name of the domain can be obtained by reading the
defaultNamingContext like this:

using (DirectoryEntry domain = new DirectoryEntry(
    "LDAP://RootDSE", "domain\\administrator", "mySecret",
    AuthenticationTypes.ServerBind))
{
    string dn = (string)domain.Properties["defaultNamingContext"].Value;
    Console.WriteLine(dn);
}
Here we are binding against the user's default domain (login domain).
Another possibility is to specify the domain name or DC name, that way you
can bind against any domain as long as the binding user has the necessary
access privileges.

Q3. When using C# and the framework classes to access the AD, your best bet
is the MSDN doc's, unfortunately, you have to switch back and forth between
the System.DirectoryServices FCL doc's and the platform sdk docs
(http://msdn.microsoft.com/library/en...s_portal.asp?).
The reason for this is, that System.DirectoryServices is simply wrapping the
ADSI client COM services interfaces, and most of the properties are
described in the ADSI doc's and not in the FCL doc's.

Willy.

"Studio P.M." <St******@discussions.microsoft.com> wrote in message
news:91**********************************@microsoft.com...
Dear Mr. Denoyette,
In this way, beyond the "pwdProperties", I could equally get
"minPwdLength" and "pwdHistoryLength" too. Very accurate, very complete,
and very kind of you.

And stimulating too. Indeed I can't refrain from asking these further
questions.

Q1) You chose the "LDAP://" provider, and not, say, the "WinNT://". Why?

Q2) I'm not familiar with LDAP, hence I must ask you to be more detailed
about all these arguments:
//Domain/ is it a keyword, or a placeholder for a real domain name?
DC=...,DC=... what is it for?
domain\\account same question: is it a keyword, or...
pwd same question

Q3) Where can I find such elusive information as that one you gave me? I
mean: is there a reference source, or book, that I could consult when you
are not around here to grant your support?

All the best, and thanks again. Yours,
Pietro Moras
- - - - -=- - - - -=- - - - -=- - - - -=- - - - -=- - - - -=

"Willy Denoyette [MVP]" wrote:
3. You can read the pwd properties by binding to the root of the domain
tree
and retrieve the pwdProperties.
pwdProperties is an int, the LSB is used for DOMAIN_PASSWORD_COMPLEX

// requires: using System; using System.DirectoryServices;
// check the platform SDK doc's for other bitflags
const int DOMAIN_PASSWORD_COMPLEX = 0x000001;

using (DirectoryEntry domain = new DirectoryEntry(
    "LDAP://Domain/DC=....,DC=.....,DC=....",
    "domain\\account", "pwd"))
{
    int pwdProps = (int)domain.Properties["pwdProperties"].Value;
    Console.WriteLine(pwdProps);
}

Willy.

Nov 16 '05 #4
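
An added example, not code from the thread: it reads the attributes named in the replies above (pwdProperties, minPwdLength, pwdHistoryLength) from the domain found through defaultNamingContext, and decodes the pwdProperties bits with the platform SDK flag values. The class and method names, the `--live` switch, the sample values and the length baseline of 8 are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

[Flags]
enum PwdProperties   // bit values from the platform SDK (ntsecapi.h)
{
    DOMAIN_PASSWORD_COMPLEX         = 0x01,
    DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x02,
    DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x04,
    DOMAIN_LOCKOUT_ADMINS           = 0x08,
    DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x10,
    DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x20
}

static class PasswordPolicyAudit
{
    // Pure check, usable without a domain controller.
    // minLengthBaseline is an assumed audit threshold, not a value from the thread.
    public static List<string> Review(int pwdProperties, int minPwdLength, int minLengthBaseline)
    {
        var flags = (PwdProperties)pwdProperties;
        var findings = new List<string>();
        if ((flags & PwdProperties.DOMAIN_PASSWORD_COMPLEX) == 0)
            findings.Add("complexity is not enforced");
        if ((flags & PwdProperties.DOMAIN_PASSWORD_STORE_CLEARTEXT) != 0)
            findings.Add("reversible password storage is enabled");
        if (minPwdLength < minLengthBaseline)
            findings.Add("minPwdLength " + minPwdLength + " is below " + minLengthBaseline);
        return findings;
    }

    static void Main(string[] args)
    {
        int props = 0x10, minLen = 6, history = 0;   // constructed sample values
        if (args.Length > 0 && args[0] == "--live")  // hypothetical switch of this example
        {
            // Serverless bind as the logged-on user: no password in source code.
            using (var root = new DirectoryEntry("LDAP://RootDSE"))
            using (var domain = new DirectoryEntry("LDAP://" + root.Properties["defaultNamingContext"].Value))
            {
                props = (int)domain.Properties["pwdProperties"].Value;
                minLen = (int)domain.Properties["minPwdLength"].Value;
                history = (int)domain.Properties["pwdHistoryLength"].Value;
            }
        }
        Console.WriteLine("pwdProperties = {0} ({1}), pwdHistoryLength = {2}", props, (PwdProperties)props, history);
        foreach (string f in Review(props, minLen, 8))
            Console.WriteLine("FINDING: " + f);
    }
}
```

Run without arguments, it reports all three findings for the constructed sample; with `--live` on a domain-joined machine it binds with the caller's own credentials instead of a password embedded in the program.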
Willy,
The first impulse is of gratitude for the quality and kindness of this discussion.

The second is of perplexity and uneasiness. Indeed, as a matter of fact, in this case too, I realised that in lack of an organic, comprehensive and updated documentation of reference, the success of a project may depend on the casual contribution of a collaborative colleague. Ok: I owe you a favor.

And you can count one more friend.
Thanks again.
See you.
Pietro Moras
Nov 16 '05 #5
