SamQueryInformationDomain: get DOMAIN_PASSWORD_COMPLEX using _DOMAIN_PASSWORD_INFORMATION

Question

I am trying to get Password Complexity, looking for WINAPI found SamQueryInformationDomain But seems like there no public MSDN documentation for it. not header files. found soem C# code snippet here but did not find some sample c++ code snipped for SamQueryInformationDomain. Would be great help if can share sample code

you need use SamConnect + SamOpenDomain + SamQueryInformationDomain — RbMm, Feb 25 '22 at 11:31
@RbMm yes , but I am not able find header file for reference, Can you please share sample c++ code — user3664223, Feb 25 '22 at 15:56
header file for instance https://github.com/rbmm/LIB/blob/master/INC/ntsam2.h — RbMm, Feb 25 '22 at 22:52
It seems that msdn has documentation around SamrOpenDomain and other APIs also I can find Libs under Windows Kits\\10\\Lib\\10.0.19041.0\\um\\x64\\samlib.lib https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/ba710c90-5b12-42f8-9e5a-d4aacc1329fa but its strange that I cannot find include header files with Windows kits, I can work with adding copying defintions, but not sure how much its supported or not — user3664223, Mar 16 '22 at 04:49
i dont understand in what problem. code is trivial. for instance - https://pastebin.com/3wH2PX4B for header can also use https://github.com/processhacker/phnt/blob/master/ntsam.h . samlib.lib exist in any sdk — RbMm, Mar 16 '22 at 09:25

score 0 · Accepted Answer · answered Mar 16 '22 at 10:13

Finally after many tryouts and searches I figured out

NTSTATUS status, enumDomainStatus, enumUserStatus;
UNICODE_STRING serverName;
ACCESS_MASK mask = 0;
mask = SAM_SERVER_CONNECT | SAM_SERVER_ENUMERATE_DOMAINS | SAM_SERVER_LOOKUP_DOMAIN;
SAMPR_HANDLE hServerHandle, hBuiltinHandle = NULL, hDomainHandle, hUserHandle;
DWORD domainEnumerationContext = 0, domainCountRetourned, userEnumerationContext, userCountRetourned, groupsCountRetourned, i, j, k, aliasCountRetourned, *alias;
PSAMPR_RID_ENUMERATION pEnumDomainBuffer, pEnumUsersBuffer;
PSID domainSid, userSid;
SID builtin = { SID_REVISION, 1, SECURITY_NT_AUTHORITY, {SECURITY_BUILTIN_DOMAIN_RID} };
PGROUP_MEMBERSHIP pGroupMemberShip;


PSAMPR_DOMAIN_INFO_BUFFER buff;

RtlInitUnicodeString(&serverName, L"");

status = SamConnect(&serverName, &hServerHandle, SAM_SERVER_ALL_ACCESS, FALSE);
if (0 != status)
{
    printf("SamConnect error (?) %08x\n", status);
    return;
}

status = SamOpenDomain(hServerHandle, DOMAIN_READ_PASSWORD_PARAMETERS, &builtin, &hDomainHandle);
if (0 != status)
{
    printf("SamOpenDomain Builtin (?) %08x\n", status);
    return;
}

status = SamQueryInformationDomain(hDomainHandle, DomainPasswordInformation, &buff);

if (0 != status)
{
    printf("SamQueryInformation failed with %08x\n", status);
    return ;
}

ULONG properties = buff->Password.PasswordProperties;


printf("SamQueryInformation success with password properties value : %ld\n", properties);
printf("SamQueryInformation success with password MaxPasswordAge value : %ld\n", buff->Password.MaxPasswordAge);
printf("SamQueryInformation success with password MinPasswordAge value : %ld\n", buff->Password.MinPasswordAge);
printf("SamQueryInformation success with password MinPasswordLength value : %ld\n", buff->Password.MinPasswordLength);
printf("SamQueryInformation success with password PasswordHistoryLength value : %ld\n", buff->Password.PasswordHistoryLength);

SamQueryInformationDomain: get DOMAIN_PASSWORD_COMPLEX using _DOMAIN_PASSWORD_INFORMATION

1 Answers1