Howto Determine AD User Accts Having Passwords < 6 characters

Discussion in 'Active Directory' started by mcintoshs, Dec 4, 2009.

  1. mcintoshs

    mcintoshs Guest

    I am dealing with a legacy Active Directory implementation in which the prior
    administrator failed to implement mimimum password character length. Our plan
    is to notify users a month or so in advance that they need to change their
    password to one with at least 6 characters and if they fail to do so by a
    date certain they will no longer be able to login to the network.
    The problem is that there are many 'generic' accounts which do not
    correspond to a live user and there are even more accounts not having e-mail
    addresses so the notification process will be torturous.
    What I need is a safe and proven utility which can scan Active Directory and
    list every user account in the domain which has less than 6 characters. I
    also need instructions on how to use the utility for that purpose.
    mcintoshs, Dec 4, 2009
    1. Advertisements

  2. I don't believe there is any way to tell the length of a password, short of
    brute force guessing. Hopefully, there is no way, as it would help attackers
    target accounts. If you know the length of a password ahead of time, brute
    force attacks are much easier. Sorry.
    Richard Mueller [MVP], Dec 4, 2009
    1. Advertisements

  3. Hello mcintoshs,

    Never heard about such a tool and hopefully it wan't exist. Configure the
    policy setting on domain level and inform your users about the new setting.

    The next time they are requested to change the password or change it manual
    they have to use the new length.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Dec 5, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.