enforcing password history when using Directory.Entry.Invoke

Saqib Ali · Feb 16, 2007

is there a way to enforce password history verification when using
Directory.Entry.Invoke("SetPassword", newPasswdStr)???

saqib
http://www.full-disk-encryption.net

Joe Kaplan · Feb 16, 2007

SetPassword does not enforce password history, as you are doing an
administrative password reset. If you want password history enforced, you
have to do a normal password change using ChangePassword. This requires
knowing the previous password.

Joe K.

Mark Rae · Feb 16, 2007

is there a way to enforce password history verification when using
Directory.Entry.Invoke("SetPassword", newPasswdStr)???

No.

Joe Richards [MVP] · Feb 16, 2007

It isn't a matter of the client side API, this is hard coded in the OS
itself. Password set operations regardless of how they get passed to AD
do not enforce history.

You may want to look at NetValidatePasswordPolicy API call, it might
help you out...

http://msdn2.microsoft.com/en-us/library/aa370661.aspx

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

enforcing password history when using Directory.Entry.Invoke

Saqib Ali

Joe Kaplan

Mark Rae

Joe Richards [MVP]