Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

3.1.5.13.3 SamrGetUserDomainPasswordInformation (Opnum 44)

The SamrGetUserDomainPasswordInformation method obtains select password policy information (without requiring a domain handle).

long SamrGetUserDomainPasswordInformation(
  [in] SAMPR_HANDLE UserHandle,
  [out] PUSER_DOMAIN_PASSWORD_INFORMATION PasswordInformation
);

UserHandle: An RPC context handle, as specified in section 2.2.3.2, representing a user object.

PasswordInformation: Password policy information from the user's domain.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

On receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if UserHandle.HandleType is not equal to "User".

  2. The security identity of the client MUST have DOMAIN_READ_PASSWORD_PARAMETERS access to the account domain object; if not, the server MUST abort processing and return STATUS_ACCESS_DENIED.

  3. If the RelativeId of the objectSid attribute of the user object referenced by UserHandle.Object is DOMAIN_USER_RID_KRBTGT, or if the userAccountControl attribute contains UF_INTERDOMAIN_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT, or UF_SERVER_TRUST_ACCOUNT, then PasswordInformation MUST be set to all zeros, and the server MUST end processing and return STATUS_SUCCESS.

  4. The output parameter PasswordInformation.MinPasswordLength MUST be set to the Effective-MinimumPasswordLength attribute value (see section 3.1.1.5).

  5. The output parameter PasswordInformation.PasswordProperties MUST be set to the pwdProperties attribute value on the account domain object. In addition:

    1. If the Effective-PasswordComplexityEnabled value (see section 3.1.1.5) is set, PasswordInformation.PasswordProperties MUST contain DOMAIN_PASSWORD_COMPLEX.

    2. If the Effective-PasswordReversibleEncryptionEnabled value (see section 3.1.1.5) is set, PasswordInformation.PasswordProperties MUST contain DOMAIN_PASSWORD_STORE_CLEARTEXT.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.