I would like to allow the current user to change their password (managed via Active Directory).
I would like to validate and then set their password in Active Directory.
I found a way to diagnose the error in a bit more detail. It does not provide any feedback from AD, but we can perhaps create a mapping of the COM errors to a user-friendly message.
This article provides more information about handling the possible COM errors:
http://www.ozkary.com/2015/03/active-directory-setpassword-or.html
I think more detail can be added for these COM errors:
0x800708c5, 0x8007202f, 0x8007052d, 0x8007052f
IMHO, you would be better off using ChangePassword than SetPassword. That way, you require the user to specify his current (old) password. That may be interesting, because you can never be 100% sure that the user who is browsing your site is actually the user who is logged in.
Here's a link with more information: http://www.primaryobjects.com/CMS/Article66.aspx
You do not have to validate the password in advance. Just send it to AD in a try-catch, and if it's not validated, the reason why will be in the exception message.
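The following sketch combines the suggestions in this thread: call ChangePassword inside a try-catch and map the four COM error codes listed above to user-friendly text. It is an added example, not code from any of the posters or the linked articles; the class and method names and the `userLdapPath` parameter are hypothetical, and the messages are paraphrases of the Win32 errors those HRESULTs wrap.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;

public static class AdPasswordChanger // hypothetical helper, not a library type
{
    // The four HRESULTs from this thread, keyed as unsigned values.
    static readonly Dictionary<uint, string> Messages = new Dictionary<uint, string>
    {
        // NERR_PasswordTooShort (2245)
        { 0x800708C5, "The new password does not meet the length, complexity or history policy." },
        // ERROR_DS_CONSTRAINT_VIOLATION (8239)
        { 0x8007202F, "The directory rejected the new password (constraint violation)." },
        // ERROR_PASSWORD_RESTRICTION (1325)
        { 0x8007052D, "The new password does not meet the domain's length, complexity or history requirements." },
        // ERROR_ACCOUNT_RESTRICTION (1327)
        { 0x8007052F, "Account restrictions are preventing this password change." },
    };

    public static string Describe(int hresult)
    {
        string text;
        // Unknown codes get a generic message; keep the raw HRESULT for server-side logs only.
        return Messages.TryGetValue(unchecked((uint)hresult), out text)
            ? text
            : "The password could not be changed.";
    }

    // Returns null on success, otherwise a message that is safe to show the user.
    // userLdapPath is an assumed LDAP path to the user object, supplied by the caller.
    public static string TryChangePassword(string userLdapPath, string oldPassword, string newPassword)
    {
        try
        {
            using (var user = new DirectoryEntry(userLdapPath))
            {
                // ChangePassword requires the current password, unlike SetPassword.
                user.Invoke("ChangePassword", oldPassword, newPassword);
            }
            return null;
        }
        catch (TargetInvocationException ex) when (ex.InnerException is COMException)
        {
            // Invoke goes through reflection, so the COM error arrives wrapped.
            return Describe(((COMException)ex.InnerException).ErrorCode);
        }
        catch (COMException ex)
        {
            return Describe(ex.ErrorCode);
        }
    }
}
```

Never write `oldPassword` or `newPassword` to logs when recording a failure; the HRESULT and the account name are enough to diagnose it.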