Re: Is there any way to force setpassword API call to be validated by Windows passwo

From: Marco (tired.of.spam)
Date: 02/04/04 

Date: Wed, 4 Feb 2004 22:23:20 +0100

That's odd .. but the doc I have looked at does not mention anything on the
subject. Have you tried to play arouind with the IADsuser object properties?

PasswordExpirationDate

PasswordMinimumLength

RequireUniquePassword

you may either want to set the exp date to the same day, forcing the user
**hopefully** top change his password rather than resetting it or, set
password min length and the unique password flag.

cheers, 

-- 
Execute applications with elevated privileges [ www.neovalens.com ]
--
"glchen" <anonymous@discussions.microsoft.com> wrote in message
news:a36401c3eb5f$ce039e70$a501280a@phx.gbl...
> Is there any way to force setpassword API call to be
> validated by Windows password policies?
>
> Background:
> There are two AD programmatic and GUI interfaces to update
> AD password. One is to "change password" and the other is
> to "reset password". Change password requires the old
> password/newpassword.  Reset(set) password does not
> require the old password.
> AD password policy enforcement seems to only impact on the
> change password cases. "Reset password" seems to bypass
> the checking of password policy settings
>
> I implemented a self-service password update website which
> allows users to reset password if users provide correct
> security data (so called attribute-based authentication).
> This self-service password uses "set password" API (not
> change password) since self-service password website is
> mainly used by the users who forgot his password or his
> password expired (use attribute-base authentication).
>

Relevant Pages

  • Is there any way to force setpassword API call to be validated by Windows passwo
    ... Is there any way to force setpassword API call to be ... One is to "change password" and the other is ... "Reset password" seems to bypass ... This self-service password uses "set password" API (not ...
    (microsoft.public.win2000.active_directory)
  • changepassword vs. setpassword in Windows 2000
    ... Is there any way to force setpassword API call to be ... One is to "change password" and the other is ... "Reset password" seems to bypass ... This self-service password uses "set password" API (not ...
    (microsoft.public.win2000.security)
  • Re: Change Password Permissions
    ... Reset password is setting the password to a new value without caring about ... Change password requires you to ... Administrator has the rights to reset the password of the other users. ... data then the encrypted data will be lost after password reset. ...
    (microsoft.public.win2000.security)
  • reset password/change at next logon
    ... We have delegated the 'reset password' authority to our helpdesk. ... they are abusing this function by changing the password but NOT checking ... the box that says 'user must change password at next logon'. ...
    (microsoft.public.win2000.security)