Background: I have an ASP.Net web forms site that allows our web admins to create users. The new users are added to my domain (Active Directory - Users). I use Forms authentication and the ActiveDirectoryMembershipProvider (LDAP connection to my domain). When the user is being created I validate the password/confirm password through a RegEx to check for complexity and length. We require length 7, and Upper Case,Lower Case and Numeric or Special Character (fairly standard) and I also do some basic checks to verify the password doesn't include the username. My default domain policy password settings require the same length and I've set it to enforce complex passwords among other settings like account lock out duration etc... again fairly standard on a domain.
I'd like to be able to remove all my password validation code that I created and use the Default Domain Policy object in C#. This way if I change my default domain policy (i.e. change password length to 10 instead of 7) I won't have to update my RegEx to check for length of 10. My customer is not a big fan of hard-coded values like this and I most likely won't pass their code review, plus it would require an install to new version for a simple change like password length. It's been suggested to me to put the RegEx in my web.config like an app setting so any update would just be to the web.config. But then i won't have access to other properties like account settings.
Has anyone had success reading the Default Domain Policy in C# or are there API's or classes I can reference to access these types of objects? I've done some googling but i'm not having much luck. Any pointers would be great. Also, if this is just not possible please let me know so I can stop banging my head on my desk.
I'm using VS2008, Framework 3.5.
My domain controller is running Windows 2008 Server R2, service pack 2.