如何从.NET中的Active Directory获取所需的最小密码长度值

I'm implementing a plugin architecture to implement authentication an external authentication mechanism for a web site. One of the plugins I plan to provide is an ActiveDirectory plugin. I'd like to implement some of the features of a MembershipProvider, including MinRequiredPasswordLength, but don't want to fully implement or configure an ActiveDirectoryMembershipProvider.

我正在实现一个插件架构来实现身份验证和网站的外部身份验证机制。我计划提供的其中一个插件是一个ActiveDirectory插件。我想实现MembershipProvider的一些功能,包括MinRequiredPasswordLength,但不想完全实现或配置ActiveDirectoryMembershipProvider。

Does anyone know how to query AD and get the minimum required password length? I know that this can be set by GPO and vary by user/computer depending on policies, but I'd like to provide a default based on the domain default instead of an arbitrary number.

有谁知道如何查询AD并获得所需的最小密码长度?我知道这可以由GPO设置,并且因用户/计算机而异,具体取决于策略,但我想提供基于域默认值而不是任意数字的默认值。

[EDIT] The configuration example for an ActiveDirectoryMembershipProvider shows this as being set in the configuration. Is there no way to have this tied to the domain policies?

[编辑] ActiveDirectoryMembershipProvider的配置示例将此显示为在配置中设置。有没有办法将此与域策略绑定?

2 个解决方案

#1

The root of the domain has a property called "minPwdLength" There are several other attributes related to password policy (minPwdAge, maxPwdAge, lockoutDuration, etc)

域的根有一个名为“minPwdLength”的属性还有一些与密码策略相关的其他属性(minPwdAge,maxPwdAge,lockoutDuration等)

In a Windows Server 2008 Domain with Fine Grained Password policy this get's more complicated though since you can have different password policies for different OU's.

在具有细粒度密码策略的Windows Server 2008域中,这会变得更复杂,因为您可以针对不同的OU使用不同的密码策略。

#2

just a hint: I use DirectorySearcher (System.DirectoryServices) to query the ActiveDirectory, I don't kbow if there is a way to query what you're looking for...

只是一个提示:我使用DirectorySearcher(System.DirectoryServices)来查询ActiveDirectory,如果有办法查询你要查找的内容,我不知道...

Hope it helps

希望能帮助到你

#1