I'm using SetPassword method from System.DirectoryServices.AccountManagement, to change an user password without knowing his old password. In my domain, it has a history policies, so I can't use a prior password due this history restriction. However, when I use SetPassword method, it allow me use a prior password, skiping the policies restrictions. How can I do to check if the password meet wit this policie using managed code or comm? I have research for a time, but any post didn't help me.
我正在使用System.DirectoryServices.AccountManagement中的SetPassword方法来更改用户密码,而不知道他的旧密码。在我的域中,它有历史记录策略,因此由于此历史记录限制,我无法使用先前的密码。但是,当我使用SetPassword方法时,它允许我使用先前的密码,滑动策略限制。如何使用托管代码或通讯检查密码是否符合此策略?我有一段时间的研究,但任何帖子都没有帮助我。
Thanks in advance and sorry for my bad english.
提前谢谢,抱歉我的英语不好。
Best regards,
Juanjo.
1 个解决方案
#1
0
This is an old question, but I found an answer so I thought I'd share: https://*.com/a/17495340/4831941
这是一个老问题,但我找到了答案,所以我想我会分享:https://*.com/a/17495340/4831941
To summarize, SetPassword is intended to be used by an admin to reset a user's password; it doesn't impose all of the normal restrictions because it's supposed to be overwritten soon.
总而言之,SetPassword旨在由管理员用来重置用户的密码;它没有强加所有正常的限制,因为它应该很快被覆盖。
The recommended workflow would be to have an admin use SetPassword to create a temporary password and then, after the user has logged in with the temporary password, force them to immediately change it with ChangePassword so that the full restrictions are applied and it will be remembered in AD's password history.
建议的工作流程是让管理员使用SetPassword创建临时密码,然后在用户使用临时密码登录后,强制他们立即使用ChangePassword更改密码,以便应用完整限制并记住它在AD的密码历史记录中。
Further reading pulled from the comments of that answer: https://blogs.technet.microsoft.com/fieldcoding/2013/01/09/resetting-passwords-honoring-password-history-or-whats-happening-under-the-hood-when-changing-resetting-passwords/
从该答案的评论中进一步阅读:https://blogs.technet.microsoft.com/fieldcoding/2013/01/09/resetting-passwords-honoring-password-history-or-whats-happening-under-the-罩时变化的复位-密码/
#1
0
This is an old question, but I found an answer so I thought I'd share: https://*.com/a/17495340/4831941
这是一个老问题,但我找到了答案,所以我想我会分享:https://*.com/a/17495340/4831941
To summarize, SetPassword is intended to be used by an admin to reset a user's password; it doesn't impose all of the normal restrictions because it's supposed to be overwritten soon.
总而言之,SetPassword旨在由管理员用来重置用户的密码;它没有强加所有正常的限制,因为它应该很快被覆盖。
The recommended workflow would be to have an admin use SetPassword to create a temporary password and then, after the user has logged in with the temporary password, force them to immediately change it with ChangePassword so that the full restrictions are applied and it will be remembered in AD's password history.
建议的工作流程是让管理员使用SetPassword创建临时密码,然后在用户使用临时密码登录后,强制他们立即使用ChangePassword更改密码,以便应用完整限制并记住它在AD的密码历史记录中。
Further reading pulled from the comments of that answer: https://blogs.technet.microsoft.com/fieldcoding/2013/01/09/resetting-passwords-honoring-password-history-or-whats-happening-under-the-hood-when-changing-resetting-passwords/
从该答案的评论中进一步阅读:https://blogs.technet.microsoft.com/fieldcoding/2013/01/09/resetting-passwords-honoring-password-history-or-whats-happening-under-the-罩时变化的复位-密码/