2.2.9 SamrValidatePassword Data Types

The following structures are used exclusively for the SamrValidatePassword method.

As stated in section 2.1, all structures SHOULD be encrypted by the client using transport layer security to hide any cleartext data embedded in the structures.

The authentication, password change, and password reset structures (sections,, and refer to a password-related operation that occurs in an application external to this protocol. A canonical scenario is an application, such as Microsoft SQL Server, that might maintain its own account database (independent of an operating system's account data) and might require that the passwords of those accounts be subject to the same policy as the policy enforced by the server of this protocol (such as Active Directory). Such an application uses the SamrValidatePassword method and these structures to accomplish this goal. Said application is also responsible for storing, in whatever manner it chooses, the SAM_VALIDATE_PERSISTED_FIELDS (section structure returned by SamrValidatePassword.