AD Password Filters


AD Password Filters provide a way for you to implement Password Policy and Password Modify Operation notification.

Passfilt.dll is Microsoft's implementation of a password filter.

When a Password Modify Operation is made, the Local Security Authority (LSA) calls the AD Password Filters registered on the system. Each AD Password Filters is called twice:

  • first to validate the new password
  • and then, after all filters have validated the new password, to notify the AD Password Filters that the change has been made.

Password change request

Password change notification can be used to synchronize password changes to foreign Credential Data Stores.

AD Password Filters are used to enforce Password Policy. Filters validate new passwords and indicate whether the new password conforms to the implemented password policy.

The following topics provide more information about password filters:

More Information#

There might be more information for this subject on one of the following: