Active Directory Password complexity checker

If you have enabled password complexity in your Active Directory domain through a GPO, you have probably received complaints from users: “I cannot find a password. Every time I try to enter a new password, a message indicates the password does not meet the password complexity rules…”

I have written a simple web page using PHP and jQuery to help users find a password that meets the Active Directory complexity rules.

[Screenshot: chkpwd1]

How it works

The process is as follows:

  • the user fills the first field with their username (samaccountname) and then clicks the Submit button
  • an Active Directory query is made with the PHP library adLdap to get the display name for this user account
  • if the query fails, an error message indicates that the user account is not correct
  • if the query is successful, the password field can be completed
  • the user can now enter the password to test
  • the final message indicates whether the password is valid or not
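
One way to implement the validity check described above, as an added example that is not the code from the downloadable archive. It follows Microsoft's documented "Password must meet complexity requirements" rules; `checkAdPassword`, `minLength` and the sample user are assumptions, and `\p{Lu}`, `\p{Ll}` and `\p{Lo}` approximate AD's letter categories.

```javascript
// Added example: AD "Password must meet complexity requirements" check.
// minLength is a constructed stand-in for the value set in your domain policy.
const SPECIALS = "~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/";
const CATEGORIES = [
  /\p{Lu}/u, // uppercase letters
  /\p{Ll}/u, // lowercase letters
  /[0-9]/,   // base-10 digits
  { test: (s) => [...s].some((c) => SPECIALS.includes(c)) }, // listed special characters
  /\p{Lo}/u, // alphabetic characters that have no case
];

function checkAdPassword(password, samAccountName, displayName, minLength = 7) {
  const reasons = [];
  const pwd = password.toLowerCase(); // name checks are case-insensitive

  if (password.length < minLength) reasons.push("too short");

  // The account name is checked whole, and only if it has 3 or more characters.
  const sam = samAccountName.toLowerCase();
  if (sam.length >= 3 && pwd.includes(sam)) reasons.push("contains account name");

  // The display name is split on , . - _ space # tab; tokens under 3 characters are ignored.
  const tokens = displayName.toLowerCase().split(/[,.\-_ #\t]+/).filter((t) => t.length >= 3);
  const hit = tokens.find((t) => pwd.includes(t));
  if (hit) reasons.push(`contains display name part "${hit}"`);

  // At least 3 of the 5 character categories must be present.
  const classes = CATEGORIES.filter((c) => c.test(password)).length;
  if (classes < 3) reasons.push(`only ${classes} of 5 character categories`);

  return { valid: reasons.length === 0, reasons };
}

// Constructed sample user, not taken from the page's screenshots.
const user = { sam: "jdoe", display: "Doe, John-Paul" };
for (const candidate of ["Summer2024", "John!2024xyz", "jdoe-Secret9", "correct horse Battery"]) {
  console.log(candidate, checkAdPassword(candidate, user.sam, user.display));
}
```

Run in the browser, a check like this keeps the candidate password out of any request to the web server. The domain controller remains the authority, since password history and age are not modeled here.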

Screenshots

In the example below, the user account is configured with this display name:

[Screenshot: chkpwd4]

Result: the password is invalid

[Screenshot: chkpwd3]

Result: the password is valid

[Screenshot: chkpwd2]

The full web page and dependencies are available here

Installation

  • install or use an existing Apache server with LDAP support
  • create a folder under /var/www: mkdir /var/www/mypwdchk
  • unzip the archive:
    cd /var/www/mypwdchk
    unzip chkpwd.zip
  • configure your Apache vhost. Example:
    <VirtualHost *:443>
        ServerName mypwdchk
        DocumentRoot /var/www/mypwdchk
        # Scope the rules to the document root, not the filesystem root
        <Directory "/var/www/mypwdchk">
            # Indexes removed: no directory listing of the application folder
            Options MultiViews FollowSymLinks
            AllowOverride None
            # Apache 2.2 syntax; on Apache 2.4 use "Require all granted" instead
            Order deny,allow
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/apache2/mypwdchk.crt
        SSLCertificateKeyFile /etc/apache2/mypwdchk.key
    </VirtualHost>
  • when done, configure the file config.ini with your Active Directory parameters and policy requirements. An Active Directory user account is required to perform the query from the web server to the domain controllers. This user account does not require advanced privileges: domain user is sufficient. If config.ini is unpacked under the document root, make sure Apache does not serve it, since it holds these parameters.

Do not hesitate to leave me a message if you have a problem installing the web page or if you have any questions.


Source download
