2.2.9.2 SAM_VALIDATE_PERSISTED_FIELDS

The SAM_VALIDATE_PERSISTED_FIELDS structure holds various characteristics about password state.

 typedef struct _SAM_VALIDATE_PERSISTED_FIELDS {
   unsigned long PresentFields;
   LARGE_INTEGER PasswordLastSet;
   LARGE_INTEGER BadPasswordTime;
   LARGE_INTEGER LockoutTime;
   unsigned long BadPasswordCount;
   unsigned long PasswordHistoryLength;
   [unique, size_is(PasswordHistoryLength)] 
     PSAM_VALIDATE_PASSWORD_HASH PasswordHistory;
 } SAM_VALIDATE_PERSISTED_FIELDS,
  *PSAM_VALIDATE_PERSISTED_FIELDS;

PresentFields: A bitmask to indicate which of the fields are valid. The following table shows the defined values. If a bit is set, the corresponding field is valid; if a bit is not set, the field is not valid.

Value	Meaning
SAM_VALIDATE_PASSWORD_LAST_SET 0x00000001	PasswordLastSet
SAM_VALIDATE_BAD_PASSWORD_TIME 0x00000002	BadPasswordTime
SAM_VALIDATE_LOCKOUT_TIME 0x00000004	LockoutTime
SAM_VALIDATE_BAD_PASSWORD_COUNT 0x00000008	BadPasswordCount
SAM_VALIDATE_PASSWORD_HISTORY_LENGTH 0x00000010	PasswordHistoryLength
SAM_VALIDATE_PASSWORD_HISTORY 0x00000020	PasswordHistory

PasswordLastSet: This field represents the time at which the password was last reset or changed. It uses FILETIME syntax.

BadPasswordTime: This field represents the time at which an invalid password was presented to either a password change request or an authentication request. It uses FILETIME syntax.

LockoutTime: This field represents the time at which the owner of the password data was locked out. It uses FILETIME syntax.

BadPasswordCount: Indicates how many invalid passwords have accumulated (see message processing for details).

PasswordHistoryLength: Indicates how many previous passwords are in the PasswordHistory field.

PasswordHistory: An array of hash values representing the previous PasswordHistoryLength passwords.