Password Policy Control

G

Guest

Hello,
I want to know whether Active Directory supports "Password Policy
Control" or not.
SunONE directory server has password controls.
It has these password controls
OID: 2.16.840.1.113730.3.4.4 (LDAP_CONTROL_PWEXPIRED)
OID: 2.16.840.1.113730.3.4.5 (LDAP_CONTROL_PWEXPIRING)

Can Active Directory server pass back information to client to tell the
status of directory controlled passwords, whether they have expired or
about to expire, and send a message to that affect instead of the
standard logon error message?

Thanks in advance

Regards,
Sanket
 
J

Joe Richards [MVP]

As per RFC, you query the rootdse for what supported controls are
supported. AD does not support those controls.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
G

Guest

Hi
how can i get when user's password is expired and about to expire. can it be
done in C/C++.
 
J

Joe Richards [MVP]

You can't get it on the bind, you will need to query the directory for
the user object and work it out from the pwdLastSet attribute as well as
determine the domain expiration policy. I would also recommend checking
out the lockoutTime attribute as well as whether or not the account is
disabled (useraccountcontrol&2) and if the account is expired
(accountExpires).


If you are using ADAM you can look at the msDS-UserPasswordExpired,
msDS-UserAccountDisabled, ms-DS-UserAccountAutoLocked attributes of the
user object.



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

LDAP Query Policy maxpagesize 1
password expiration 2
Domain Password Policy 1
User Password Expiry 2
Password Policy Enforcement 3
changing administrator password 2
Password Policy Problems 1
Exclude accounts from password policy 4

Top