G
glchen
Is there any way to force setpassword API call to be
validated by Windows password policies?
Background:
There are two AD programmatic and GUI interfaces to update
AD password. One is to "change password" and the other is
to "reset password". Change password requires the old
password/newpassword. Reset(set) password does not
require the old password.
AD password policy enforcement seems to only impact on the
change password cases. "Reset password" seems to bypass
the checking of password policy settings
I implemented a self-service password update website which
allows users to reset password if users provide correct
security data (so called attribute-based authentication).
This self-service password uses "set password" API (not
change password) since self-service password website is
mainly used by the users who forgot his password or his
password expired (use attribute-base authentication).
validated by Windows password policies?
Background:
There are two AD programmatic and GUI interfaces to update
AD password. One is to "change password" and the other is
to "reset password". Change password requires the old
password/newpassword. Reset(set) password does not
require the old password.
AD password policy enforcement seems to only impact on the
change password cases. "Reset password" seems to bypass
the checking of password policy settings
I implemented a self-service password update website which
allows users to reset password if users provide correct
security data (so called attribute-based authentication).
This self-service password uses "set password" API (not
change password) since self-service password website is
mainly used by the users who forgot his password or his
password expired (use attribute-base authentication).