lithnet/ad-password-protection — reverse-engineered prompt

Build me a Windows tool for Active Directory domain controllers that checks passwords when users try to change them and blocks weak ones before they are saved. I want admins to manage the rules with Group Policy and PowerShell.

It should reject known breached passwords, import data from Have I Been Pwned or other plain text and NTLM hash lists, block banned words even when people use common character swaps, and support length-aware complexity rules, regex checks, and a points system for password strength. It also needs an audit feature so admins can scan existing AD passwords against the compromised list and identify accounts that should be forced to reset.

Please keep passwords on the domain controller, write detailed event logs, work well in large environments, and avoid needing extra servers or internet access after setup. Make it installable on x64 Windows Server and include the basic setup pieces so someone can download, install, configure, and use it. Look up current docs online if you need to.
