Using SQL or SMO to retrieve Sql Server password complexity requirements

Question

I am writing a small tool to automate some trivial tasks in SQL Server 2008 R2 (if it matters). One of the features it needs to do is read a csv file of users and passwords, and create logins in SQL Server. This works great. Except in the case where one of the passwords does not comply with SQL Server Password Complexity requirements, in which case it breaks miserably.

In order to mitigate this management has decided that we need another tool, to validate the integrity of csv files, to ensure that all supplied passwords conform to the requirement of a supplied SQL Server. However, short of simply trying them all, and noting which failed (and then cleaning up), there doesn't seem to be any elegant way to check whether a given password is valid for a given SQL Server.

Is this a correct assumption? Is is there some simpler way to query the Database about password requirements (or failing that whether a given password is compliant) without making changes to the database?

These tools are being written in C#.

Answer 1

This is not an easy problem. SQL Server uses the NetValidatePasswordPolicy function to check the password validity. You can try to use this function on your own, but you must have a few things into account. Please, see thi SO Q&A: Calling NetValidatePasswordPolicy from C# always returns Password Must Change which give some pointers on how to use this function.

However, an easiser solution would be to try to create a dummy user with all the possible passwords, and check for errors. That will let you log a list of user whose passwords doesn't comply the complexity rules.