Question
We have an issue at work where too many people have the same password and end up logging into other users' accounts. This is not helped by the group leaders who insist all work passwords should be similar.
I know it is a different issue, but is there a way to check the AD and say these users have the same password?
Answer 1:
No way, since the passwords are separately hashed. However, I would just go on and push the button forcing everyone to change their password, as well as put policies on what the password should look like and force passwords to be changed every 30-60-120 days. It is highly unlikely that people will actually change their password to the same one.
Answer 2:
If you have the password, you could find out who has the same password using the PrincipalContext class from System.Security.Principal, using something like this:
```csharp
using System.DirectoryServices.AccountManagement; // PrincipalContext, ContextType

/// <summary>
/// Return true if user is authenticated
/// </summary>
/// <param name="strUsername_">User name</param>
/// <param name="strPassword_">User password</param>
/// <returns>True if authenticated</returns>
public static bool IsAuthenticated(string strUsername_, string strPassword_)
{
    // Bind to the domain and validate the supplied credentials against it.
    using (var pc = new PrincipalContext(ContextType.Domain, DomainManager.DomainName))
        return pc.ValidateCredentials(strUsername_, strPassword_);
}
```
In this code, DomainManager.DomainName is Domain.GetCurrentDomain().Name from the System.DirectoryServices.ActiveDirectory library.
If the user has the specified password, the method will return true.
But in any case, you will never get a password from the user; you can only try to verify it.
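As an added example (not part of either answer above): Active Directory stores each password as an unsalted NT hash, so accounts with the same password carry the same hash value, and an authorized offline audit can group accounts by that value without knowing any password. The export format (pwdump-style "user:rid:lm:nt:::" lines), the user names and the hash values below are assumptions constructed for illustration.

```python
from collections import defaultdict

EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored

# Constructed sample export: hypothetical users, made-up NT hash values.
SAMPLE_EXPORT = "\n".join([
    f"alice:1104:{EMPTY_LM}:{'1' * 32}:::",
    f"bob:1105:{EMPTY_LM}:{'1' * 32}:::",
    f"carol:1106:{EMPTY_LM}:{'2' * 32}:::",
    f"dave:1107:{EMPTY_LM}:{'1' * 32}:::",
    f"erin:1108:{EMPTY_LM}:{EMPTY_NT.upper()}:::",
    f"WS01$:1110:{EMPTY_LM}:{'3' * 32}:::",
    "malformed line without fields",
])


def parse_export(text):
    """Yield (user, nt_hash) for each well-formed user-account line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # blank or malformed line
        user, nt = fields[0], fields[3].lower()
        if user.endswith("$"):
            continue  # machine account, password is random and machine-managed
        if len(nt) == 32 and all(c in "0123456789abcdef" for c in nt):
            yield user, nt


def shared_password_groups(text):
    """Return (groups, blank). groups: sorted user lists sharing one NT hash;
    blank: users with an empty password. Hash values are never returned."""
    by_hash = defaultdict(list)
    for user, nt in parse_export(text):
        by_hash[nt].append(user)
    blank = sorted(by_hash.pop(EMPTY_NT, []))
    groups = [sorted(users) for users in by_hash.values() if len(users) > 1]
    return sorted(groups, key=lambda g: (-len(g), g)), blank


if __name__ == "__main__":
    groups, blank = shared_password_groups(SAMPLE_EXPORT)
    for n, users in enumerate(groups, 1):
        print(f"group {n}: {', '.join(users)}")
    print("blank password:", ", ".join(blank) or "none")
```

The report lists only account names per group, so it can be handed to the team that forces the password resets without exposing hash material.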
Source: https://stackoverflow.com/questions/23001720/check-ad-for-same-passwords