Overview[1]#

AD Password Filters provide a way for you to implement Password Policy and Password Modify Operation notification.

Passfilt.dll is Microsoft's implementation of a password filter.

When a Password Modify Operation is made, the Local Security Authority (LSA) calls the AD Password Filters registered on the system. Each AD Password Filters is called twice:

• first to validate the new password
• and then, after all filters have validated the new password, to notify the AD Password Filters that the change has been made.

Password change request

Password change notification can be used to synchronize password changes to foreign Credential Data Stores.

AD Password Filters are used to enforce Password Policy. Filters validate new passwords and indicate whether the new password conforms to the implemented password policy.

• For an overview of using password filters, see Using Password Filters.
• For a list of password filter functions, see Password Filter Functions.

The following topics provide more information about password filters:

• Password Filter Programming Considerations
• Strong Password Enforcement and Passfilt.dll

More Information#

There might be more information for this subject on one of the following:

• AD Driver version 4.0.0.4
• Active Directory and Passwords
• DirXML PWFILTER.DLL
• LSA Protection
• Password Flow From Active Directory to eDirectory

---

• [#1] - Password Filters - based on information obtained 2016-01-02-
• [#2] - Password Filter Programming Considerations - based on information obtained 2020-02-11
• [#3] - Installing and Registering a Password Filter DLL - based on information obtained 2020-02-11