2.2.9 SamrValidatePassword Data Types
The following structures are used exclusively for the SamrValidatePassword method.
As stated in section 2.1, all structures SHOULD be encrypted by the client using transport layer security to hide any cleartext data embedded in the structures.
The authentication, password change, and password reset structures (sections 18.104.22.168, 22.214.171.124, and 126.96.36.199) refer to a password-related operation that occurs in an application external to this protocol. A canonical scenario is an application, such as Microsoft SQL Server, that may maintain its own account database (independent of an operating system's account data) and may require that the passwords of those accounts be subject to the same policy as the policy enforced by the server of this protocol (such as Active Directory). Such an application uses the SamrValidatePassword method and these structures to accomplish this goal. Said application is also responsible for storing, in whatever manner it chooses, the SAM_VALIDATE_PERSISTED_FIELDS (section 188.8.131.52) structure returned by SamrValidatePassword.