tvanfosson
tvanfosson

Reputation: 532765

How can I get the minimum required password length value from Active Directory in .NET

I'm implementing a plugin architecture to implement authentication an external authentication mechanism for a web site. One of the plugins I plan to provide is an ActiveDirectory plugin. I'd like to implement some of the features of a MembershipProvider, including MinRequiredPasswordLength, but don't want to fully implement or configure an ActiveDirectoryMembershipProvider.

Does anyone know how to query AD and get the minimum required password length? I know that this can be set by GPO and vary by user/computer depending on policies, but I'd like to provide a default based on the domain default instead of an arbitrary number.

[EDIT] The configuration example for an ActiveDirectoryMembershipProvider shows this as being set in the configuration. Is there no way to have this tied to the domain policies?

Upvotes: 0

Views: 2340

Answers (2)

Steve Evans
Steve Evans

Reputation: 1148

The root of the domain has a property called "minPwdLength" There are several other attributes related to password policy (minPwdAge, maxPwdAge, lockoutDuration, etc)

In a Windows Server 2008 Domain with Fine Grained Password policy this get's more complicated though since you can have different password policies for different OU's.

Upvotes: 1

sebagomez
sebagomez

Reputation: 9619

just a hint: I use DirectorySearcher (System.DirectoryServices) to query the ActiveDirectory, I don't kbow if there is a way to query what you're looking for...

Hope it helps

Upvotes: 0

Related Questions