TestimoX

API Reference

Class

PasswordPolicyAnalyzer

Edit on GitHub
Namespace ADPlayground.Domains
Assembly ADPlayground
Source ADPlayground/Domain/PasswordPolicyAnalyzer.cs:21
Modifiers static

Provides methods to locate accounts with unset passwords or password not required.

Inheritance

  • Object
  • PasswordPolicyAnalyzer

Methods

public static IEnumerable<PasswordPolicyFlagInfo> GetPasswordLastSetZero(String domainName = null, String forestName = null) #
ADPlayground/Domain/PasswordPolicyAnalyzer.cs:76
Returns: IEnumerable<PasswordPolicyFlagInfo>

Finds accounts in the specified domain where pwdLastSet equals zero or the PASSWD_NOTREQD userAccountControl flag is present.

Parameters

domainName System.String = null optionalposition: 0
Target domain name. If null, queries all domains in current forest.
forestName System.String = null optionalposition: 1
Target forest name. If null, uses current forest.

Returns

Collection of accounts with password policy violations.

public static IEnumerable<PasswordPolicyFlagInfo> GetPasswordNeverExpires(String domainName = null, String forestName = null) #
ADPlayground/Domain/PasswordPolicyAnalyzer.cs:21
Returns: IEnumerable<PasswordPolicyFlagInfo>

Finds accounts where the DONT_EXPIRE_PASSWORD userAccountControl flag is set.

Parameters

domainName System.String = null optionalposition: 0
Target domain name. If null, queries all domains in current forest.
forestName System.String = null optionalposition: 1
Target forest name. If null, uses current forest.

Returns

Collection of accounts with password never expires flag set.

public static IEnumerable<PasswordPolicyFlagInfo> GetPasswordNotRequired(String domainName = null, String forestName = null) #
ADPlayground/Domain/PasswordPolicyAnalyzer.cs:99
Returns: IEnumerable<PasswordPolicyFlagInfo>

Finds accounts where the PASSWD_NOTREQD userAccountControl flag is set.

Parameters

domainName System.String = null optionalposition: 0
Target domain name. If null, queries all domains in current forest.
forestName System.String = null optionalposition: 1
Target forest name. If null, uses current forest.

Returns

Collection of accounts with password not required flag set.

public static IEnumerable<PasswordPolicyFlagInfo> GetWeakPasswordPolicies(String domainName = null, String forestName = null) #
ADPlayground/Domain/PasswordPolicyAnalyzer.cs:49
Returns: IEnumerable<PasswordPolicyFlagInfo>

Finds accounts with multiple password policy violations. Includes accounts with pwdLastSet=0, password not required, or password never expires.

Parameters

domainName System.String = null optionalposition: 0
Target domain name. If null, queries all domains in current forest.
forestName System.String = null optionalposition: 1
Target forest name. If null, uses current forest.

Returns

Collection of accounts with multiple password policy violations.