The SamrGetUserDomainPasswordInformation method obtains select password policy information (without requiring a domain handle).
long SamrGetUserDomainPasswordInformation(
    [in] SAMPR_HANDLE UserHandle,
    [out] PUSER_DOMAIN_PASSWORD_INFORMATION PasswordInformation
);
UserHandle: An RPC context handle, as specified in section 2.2.7.2, representing a user object.
PasswordInformation: Password policy information from the user's domain.
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
On receiving this message, the server MUST process the data from the message subject to the following constraints:
The server MUST return an error if UserHandle.HandleType is not equal to "User".
The security identity of the client MUST have DOMAIN_READ_PASSWORD_PARAMETERS access to the account domain object; if not, the server MUST abort processing and return STATUS_ACCESS_DENIED.
If the RelativeId of the objectSid attribute of the user object referenced by UserHandle.Object is DOMAIN_USER_RID_KRBTGT, or if the userAccountControl attribute contains UF_INTERDOMAIN_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT, or UF_SERVER_TRUST_ACCOUNT, then PasswordInformation MUST be set to all zeros, and the server MUST end processing and return STATUS_SUCCESS.
The output parameter PasswordInformation.MinPasswordLength MUST be set to the Effective-MinimumPasswordLength attribute value (see section 3.1.1.5).
The output parameter PasswordInformation.PasswordProperties MUST be set to the pwdProperties attribute value on the account domain object. In addition:
If the Effective-PasswordComplexityEnabled value (see section 3.1.1.5) is set, PasswordInformation.PasswordProperties MUST contain DOMAIN_PASSWORD_COMPLEX.
If the Effective-PasswordReversibleEncryptionEnabled value (see section 3.1.1.5) is set, PasswordInformation.PasswordProperties MUST contain DOMAIN_PASSWORD_STORE_CLEARTEXT.
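
The processing rules above, modelled in C as an added example (not code from [MS-SAMR] or from any server implementation), useful as a reference when checking a SAMR server or auditing which accounts return a zeroed policy. The handle and domain-state structs are hypothetical, STATUS_INVALID_HANDLE stands in for the unspecified "error" on a non-User handle, and zeroing the output on error paths is a choice of this model.

```c
#include <stdint.h>
#include <string.h>

/* Constant values as published in [MS-SAMR], [MS-ADTS] and [MS-ERREF]. */
#define STATUS_SUCCESS                  0x00000000u
#define STATUS_INVALID_HANDLE           0xC0000008u /* assumption: the page only says "an error" */
#define STATUS_ACCESS_DENIED            0xC0000022u
#define DOMAIN_READ_PASSWORD_PARAMETERS 0x00000001u
#define DOMAIN_USER_RID_KRBTGT          0x000001F6u
#define UF_INTERDOMAIN_TRUST_ACCOUNT    0x00000800u
#define UF_WORKSTATION_TRUST_ACCOUNT    0x00001000u
#define UF_SERVER_TRUST_ACCOUNT         0x00002000u
#define DOMAIN_PASSWORD_COMPLEX         0x00000001u
#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010u

typedef struct { uint16_t MinPasswordLength; uint32_t PasswordProperties; } pwd_info_t;

/* Hypothetical model types; not the real SAMPR_HANDLE or database layout. */
enum handle_type { HT_SERVER, HT_DOMAIN, HT_GROUP, HT_ALIAS, HT_USER };
typedef struct {
    enum handle_type type;         /* UserHandle.HandleType */
    uint32_t rid;                  /* RelativeId of the user's objectSid */
    uint32_t user_account_control; /* userAccountControl (UF_* bits) */
} user_handle_t;
typedef struct {
    uint32_t client_domain_access; /* access the caller holds on the account domain object */
    uint32_t pwd_properties;       /* pwdProperties on the account domain object */
    uint16_t eff_min_len;          /* Effective-MinimumPasswordLength */
    int eff_complex;               /* Effective-PasswordComplexityEnabled */
    int eff_reversible;            /* Effective-PasswordReversibleEncryptionEnabled */
} domain_state_t;

uint32_t get_user_domain_password_information(const user_handle_t *h,
                                              const domain_state_t *d, pwd_info_t *out)
{
    const uint32_t trust = UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT |
                           UF_SERVER_TRUST_ACCOUNT;
    memset(out, 0, sizeof *out);                  /* model choice: never leak stale data */
    if (h->type != HT_USER) return STATUS_INVALID_HANDLE;
    if (!(d->client_domain_access & DOMAIN_READ_PASSWORD_PARAMETERS))
        return STATUS_ACCESS_DENIED;
    /* krbtgt and trust/machine accounts: all zeros, yet STATUS_SUCCESS. */
    if (h->rid == DOMAIN_USER_RID_KRBTGT || (h->user_account_control & trust))
        return STATUS_SUCCESS;
    out->MinPasswordLength = d->eff_min_len;
    out->PasswordProperties = d->pwd_properties;
    if (d->eff_complex)    out->PasswordProperties |= DOMAIN_PASSWORD_COMPLEX;
    if (d->eff_reversible) out->PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT;
    return STATUS_SUCCESS;
}
```

A zeroed result with STATUS_SUCCESS therefore identifies a krbtgt, trust, or machine account rather than a domain with no password policy.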