If you have enabled the password complexity in your Active Directory domain through GPO, you probably have received complaints from the users : “I cannot find a password. Every time I try to enter a new password, a message indicates the password does not meet the password complexity rules…”
I have written a simple web page using PHP and jQuery to help users to find a password that will meet the Active Directory complexity rules.
How it works
The process is the following :
- the user account fills the first field with his username (samaccountname) and then click on the Submit button
- an Active Directory query is done with the PHP library adLdap to get the display name for this user account
- if the query failed, an error message indicates the user account is not correct
- if the query is successful, the password field can be completed
- the user can now enter the password to test
- the final indicates if the password is valid or not
Screenshots
In the example below, the user account is configured with this display name :
Result : the password is invalid
Result : the password is valid
The full web page and dependencies are available here
Installation
- Install or use an existing Apache server with the ldap support
- create a folder under /var/www : mkdir /var/www/mypwdchk
- unzip the archive :
cd /var/www/mypwdchk unzip chkpwd.zip
- configure your apache vhost. Example :
<VirtualHost *:443> ServerName mypwdchk DocumentRoot /var/www/mypwdchk <Directory "/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow </Directory> SSLEngine on SSLCertificateFile /etc/apache2/mypwdchk.crt SSLCertificateKeyFile /etc/apache2/mypwdchk.key </VirtualHost>
- When done configure the file config.ini with your Active Directory parameters and policy requirements. An Active Directory user account is required to perform the query from the web server to the domain controllers. This user account does not require advanced privileges : domain user is sufficient
Do not hesitate to leave me a message if you a problem to install the webpage or if you have any questions.