I have a very strange requirement and I want to know how feasible it is. A customer wants a web application, but in it, they want the administrator to be able to:
1. Create users in Active Directory.
2. Be able to change users' passwords or generate random ones, and then it must be changed on AD.
3. Be able to change minimum login length and maximum login length for new users in AD.
4. Be able to change password complexity in case users change their password, then the web app should show an error message.
Update 1. More questions about Nr 3. Users want to be able to define if login length is between 5 and 10 characters from the web application. Is there an API for this on AD? I am not an AD expert, so I don't even know if AD has the option to configure the username length.
More questions:
5. Can I, with the AD API, view an audit log? When were users authenticated, was login successful or failed?
6. Configure the number of attempts before the account is locked? And alert an administrator when an account is locked due to # of failed attempts.
7. This one is like a stupid question, can I make a functionality for users to recover their passwords via email? (Literally they asked me that), but if the account is locked they won't be able to access their email either, lol.
8. Configure via API when the user must change password or when it expires.
9.
You can enforce complexity on password change programmatically. If you want to dynamically change the password policy, this is also possible.
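
One way the web app could run the checks from items 2 to 4 itself, so it can show an error message before any change is sent to AD. This is an added example, not code from the question or the answer. The `POLICY` dictionary, its values other than the 5 to 10 login range, the symbol set and all function names are assumptions, and the actual write to AD is not shown.

```python
import secrets
import string

# Assumed policy values held by the web app (hypothetical names; the 5-10
# login range comes from the question, the other values are constructed).
POLICY = {"login_min": 5, "login_max": 10, "pw_min_len": 12, "pw_min_classes": 3}

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}",
}

def check_login(login, policy=POLICY):
    """Return a list of error messages for a proposed login name."""
    errors = []
    if not policy["login_min"] <= len(login) <= policy["login_max"]:
        errors.append(f"login must be {policy['login_min']}-{policy['login_max']} characters")
    return errors

def check_password(password, login, policy=POLICY):
    """Return a list of error messages; an empty list means the password passes."""
    errors = []
    if len(password) < policy["pw_min_len"]:
        errors.append(f"password must be at least {policy['pw_min_len']} characters")
    # Count how many character classes appear at least once.
    used = sum(any(c in chars for c in password) for chars in CLASSES.values())
    if used < policy["pw_min_classes"]:
        errors.append(f"password must use at least {policy['pw_min_classes']} character classes")
    if login and login.lower() in password.lower():
        errors.append("password must not contain the login name")
    return errors

def generate_password(login, length=16, policy=POLICY):
    """Generate a random password with the OS CSPRNG that passes check_password."""
    if length < policy["pw_min_len"]:
        raise ValueError("requested length is shorter than the policy minimum")
    alphabet = "".join(CLASSES.values())
    while True:  # rejection sampling: redraw until the candidate passes policy
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, login, policy):
            return candidate
```

The domain controller still applies its own password policy when the change is submitted, so the web app should also surface any rejection AD returns.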