Reputation: 532765
I'm implementing a plugin architecture to implement authentication an external authentication mechanism for a web site. One of the plugins I plan to provide is an ActiveDirectory plugin. I'd like to implement some of the features of a MembershipProvider, including MinRequiredPasswordLength, but don't want to fully implement or configure an ActiveDirectoryMembershipProvider.
Does anyone know how to query AD and get the minimum required password length? I know that this can be set by GPO and vary by user/computer depending on policies, but I'd like to provide a default based on the domain default instead of an arbitrary number.
[EDIT] The configuration example for an ActiveDirectoryMembershipProvider shows this as being set in the configuration. Is there no way to have this tied to the domain policies?
Upvotes: 0
Views: 2340
Reputation: 1148
The root of the domain has a property called "minPwdLength" There are several other attributes related to password policy (minPwdAge, maxPwdAge, lockoutDuration, etc)
In a Windows Server 2008 Domain with Fine Grained Password policy this get's more complicated though since you can have different password policies for different OU's.
Upvotes: 1
Reputation: 9619
just a hint: I use DirectorySearcher (System.DirectoryServices) to query the ActiveDirectory, I don't kbow if there is a way to query what you're looking for...
Hope it helps
Upvotes: 0