Howto Determine AD User Accts Having Passwords < 6 characters

I am dealing with a legacy Active Directory implementation in which the prior
administrator failed to implement mimimum password character length. Our plan
is to notify users a month or so in advance that they need to change their
password to one with at least 6 characters and if they fail to do so by a
date certain they will no longer be able to login to the network.
The problem is that there are many 'generic' accounts which do not
correspond to a live user and there are even more accounts not having e-mail
addresses so the notification process will be torturous.
What I need is a safe and proven utility which can scan Active Directory and
list every user account in the domain which has less than 6 characters. I
also need instructions on how to use the utility for that purpose.
Thanks,
Scott

"mcintoshs" <> wrote in message
news:C60D7587-63A3-44BC-959D-...
>I am dealing with a legacy Active Directory implementation in which the
>prior
> administrator failed to implement mimimum password character length. Our
> plan
> is to notify users a month or so in advance that they need to change their
> password to one with at least 6 characters and if they fail to do so by a
> date certain they will no longer be able to login to the network.
> The problem is that there are many 'generic' accounts which do not
> correspond to a live user and there are even more accounts not having
> e-mail
> addresses so the notification process will be torturous.
> What I need is a safe and proven utility which can scan Active Directory
> and
> list every user account in the domain which has less than 6 characters. I
> also need instructions on how to use the utility for that purpose.
> Thanks,
> Scott

I don't believe there is any way to tell the length of a password, short of
brute force guessing. Hopefully, there is no way, as it would help attackers
target accounts. If you know the length of a password ahead of time, brute
force attacks are much easier. Sorry.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Hello mcintoshs,

Never heard about such a tool and hopefully it wan't exist. Configure the
policy setting on domain level and inform your users about the new setting.

The next time they are requested to change the password or change it manual
they have to use the new length.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I am dealing with a legacy Active Directory implementation in which
> the prior
> administrator failed to implement mimimum password character length.
> Our plan
> is to notify users a month or so in advance that they need to change
> their
> password to one with at least 6 characters and if they fail to do so
> by a
> date certain they will no longer be able to login to the network.
> The problem is that there are many 'generic' accounts which do not
> correspond to a live user and there are even more accounts not having
> e-mail
> addresses so the notification process will be torturous.
> What I need is a safe and proven utility which can scan Active
> Directory and
> list every user account in the domain which has less than 6
> characters. I
> also need instructions on how to use the utility for that purpose.
> Thanks,
> Scott