Jump to content
water

Should the Active Directory UDF support fine grained password policies?

Should the Active Directory UDF support fine grained password policies?  

7 members have voted

  1. 1. Please select one of the following:

    • Yes - I need it now
    • Yes - not needed at the moment but (maybe) in the future
    • No - don't need it now (or in the future)
      0
    • What the hell are you talking about?
      0


Recommended Posts

water

Should the AD UDF support the fine grained password policy available since Windows Server 2012?

What do fine-grained password policies do?
You can use fine-grained password policies to specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
JLogan3o13

From a support perspective I can say that of the 50 or so networks I encountered over the last 12 months only a handful were using this. That being said, I believe (like all UDF additions) it comes down to the level of effort for you to add it. If it is something you can add without tearing your hair out I think it has value; even if it will only serve 10% of users.

  • Like 1

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • tweakster2010
      By tweakster2010
      Hello All,
      It has been a long time since I posted, role changes etc involving work and I finally am back to modifying a program I write in AutoIt that has AD integration. I am at a point where we are modifying our structure where I am validating users access via what Distribution List they belong to in our AD OU's. What I have run into is the OU is a sub OU of a sub OU now. Meaning: CN=team, OU=DL, OU=Groups, DC=business.com(working), is now CN=Team, OU=SubDL, OU=DL, OU=Groups, DC=business.com (Not working).  Just curious if the AD functionality should be able to read it or maybe I am missing something?
       
      ElseIf _AD_IsMemberOf("CN=Team,OU=Distribution Lists,OU=Groups,DC=business,DC=com", $sFQDN_User) Then #works for primary Distro ElseIf _AD_IsMemberOf("CN=Team,OU=SubDL,OU=Distribution Lists,OU=Groups,DC=business,DC=com", $sFQDN_User) Then #fails for subOU of DL How I am accessing AD to get the information:
      _AD_Open() Global $aUser = _AD_GetObjectsInOU("", "(&(objectCategory=person)(objectClass=user)(samaccountname=" & @UserName & "))", 2, "ADsPath,Displayname,distinguishedName") Global $sDisplayName0 = $aUser[1][1] ; Displayname ;MsgBox(0,"", $sDisplayName0) If StringLeft($sDisplayName0, 2) = "9-" Then $Displaynamestring = StringTrimLeft($sDisplayName0, 2) $Displaynamestring1 = StringTrimRight($Displaynamestring, 6) The error code generated is a 1 with a 0 extended. I assume it is because it cannot find the SubOU.
       
      Thanks for any assistance.
    • antmar904
      By antmar904
      I'm trying to read all cells used in column "C" in excel to an array but not sure how.
       
      Local $NameArray = _Excel_RangeRead($oWorkbook, $oWorkbook.Activesheet, $oWorkbook.Range["C"].End)  
    • Blois
      By Blois
      Hey Guys,
      Good?
      I'm ned help to consult in other domain. My three domain contains any domains.
      How do I get this query done?
       
      Tks for the Help!
       
    • rudi
      By rudi
      Hello,
       
      from this posting of @Jos https://www.autoitscript.com/forum/topic/162005-getting-windows-users-account-type/?do=findComment&comment=1176831
      I can smoothly check, if a user is a *DIRECT* group member. Has anybody some code to check also, if a user is a *INDIRECT* member of a cascaded group construct?  Maybe with @Melba23 's AD UDF?
       
      The required rights are granted to group "Dept_B" User John is member of group "Dept_A" Group "Dept_A" is member of the group "Dept_B" So in the AD / NTFS FS environment John finally has the rights of both groups But when checking his "membership to group Dept_B" the result is "no member". The approach I can think of would be, to check all Group Members of group "Dept_B" whether they are of type group, then check again if "John" is member of than " 2nd level group"
      Func UserInGroup($InGroup,$ThisUser=@LogonDomain & "/" & @UserName) Local $objUser = ObjGet("WinNT://" & $ThisUser ) For $oGroup in $objUser.Groups If $oGroup.Name = $InGroup Then Return 1 EndIf Next Return 0 EndFunc Any suggestions appreciated, regards, Rudi.
    • 31290
      By 31290
       
      Hi guys, 
      I'd like to write a piece of tool that would allow me to update a certain field in our Active Directory from a comma separated csv file composed like this:

      This file, automatically generated, can hold more than 10k lines.
      Thus, I need column A to be in one variable, column B in a second one and column C in a third one.
      I'm really missing this part as updating the AD is fairly easy once the 3 variable are populated. 
      I see things like this:
      Here's my attempts at the moment:
      #include <File.au3> #include <Array.au3> Global $csv_file = @DesktopDir & "\Book1.csv" Global $aRecords If Not _FileReadToArray($csv_file,$aRecords) Then MsgBox(4096,"Error", " Error reading log to Array error:" & @error) Exit EndIf For $x = 1 to $aRecords[0] Msgbox(0,'Record:' & $x, $aRecords[$x]) ; Shows the line that was read from file $csv_line_values = StringSplit($aRecords[$x], ",",1) ; Splits the line into 2 or more variables and puts them in an array ; _ArrayDisplay($csv_line_values) ; Shows what's in the array you just created. ; $csv_line_values[0] holds the number of elements in array ; $csv_line_values[1] holds the value ; $csv_line_values[2] holds the value ; etc Msgbox(0, 0, $csv_line_values[1]) Next Any help on this please? 
      Thanks in advance
      -31290-
×