Home page logo

pauldotcom logo PaulDotCom mailing list archives

regex for default Windows AD password complexity
From: Robin Wood <robin () digininja org>
Date: Tue, 9 Apr 2013 12:53:27 +0100

I'm building an extra check for Pipal and want to check for password
complexity, specifically that defined by Windows AD.

I've not dug into it to far but from what I can tell this is the default:

   - Passwords cannot contain the user’s account name or parts of the
   user’s full name that exceed two consecutive characters.
   - Passwords must be at least six characters in length.
   - Passwords must contain characters from three of the following four

   1. English uppercase characters (A through Z).
   2. English lowercase characters (a through z).
   3. Base 10 digits (0 through 9).
   4. Non-alphabetic characters (for example, !, $, #, %).

[from here

I can't check the first bullet but I can do the rest.


Can anyone confirm that this is the default set up?

Does anyone have a regex that covers this? I can write one but may as well
reuse an existing tested one.

Does anyone have any other default complexity policies that it would be
worth including?

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
  • regex for default Windows AD password complexity Robin Wood (Apr 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]