0

I'm looking for a way to check if a password contains any characters that are not allowed in a Microsoft Active Directory. So I need to test if a password is possible without concern for the password complexity.

I think the best way is using a Regex.

According this site; https://technet.microsoft.com/en-us/library/hh994562%28v=ws.10%29.aspx the possible password characters for a Microsoft Active Directory Account are:

  • Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)

  • Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)

  • Base 10 digits (0 through 9)

  • Non-alphanumeric characters (special characters) (for example, !, $, #, %)

  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

So what would be the regex to check the password only contains valid AD characters.

!!! I'm not looking for a way to test the password complexity, only to check if the characters are valid for a AD password.

Thanks a lot...

Josh Crozier
  • 233,099
  • 56
  • 391
  • 304
Dennis
  • 1,528
  • 2
  • 16
  • 31
  • Does this help: http://stackoverflow.com/questions/774569/regex-that-validates-active-directory-default-password-complexity? – Wiktor Stribiżew Apr 07 '15 at 08:32
  • Thanks for the time, but this is absolutely not what I'm looking for. Last remark of me, and I qoute 'I'm not looking for a way to test the password complexcity', and your artice explains how to check password complexcity. Sorry was not ment to be rude... – Dennis Apr 07 '15 at 08:40
  • Ok, I do not feel offended, just please show what you have tried so far. On SO, we do not create entire solutions for you, we can just help you identify errors in you code/regex/etc. – Wiktor Stribiżew Apr 07 '15 at 08:49
  • All the regex found on this matter are on complexity. I'm not to keen on regex. So the question is if someone allready made a regex for this... – Dennis Apr 07 '15 at 09:41
  • That's a really long regex. I think you need to narrow down the scope of the charset. No regex engine will be able to process those lengthy patterns. – Amen Jlili Apr 07 '15 at 10:08
  • Testing password complexity and testing if password characters are valid are roughly the same thing. You could get away with `^[any-whitelisted-characters-here]+$` if you want to test for valid characters only, or with a variation of the suggestion in the duplicate, if you want more control. The obvious alternative is to simply accept *anything* from the user and try to create an AD password from it. The Windows API will give you an error if that fails, which you can catch. In other words, you can easily externalize the validity check. – Tomalak Apr 07 '15 at 10:40
  • This is NOT a duplicate, testing for complexity and testing for valid characters is not the same. I don't care it the password is only 4 characters, I don't care it part of the username is in there, I don't care if password is allready used. I want to know it this could be a valid password on a active directory without any password policy. For example; I need to know if this could be correct: "àteyüCx¢Ê¶çà" – Dennis Apr 07 '15 at 11:08

0 Answers0