Re: Changing Password to an account that has to change password at first logon using System.DirectoryServices

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/11/04


Date: Tue, 11 May 2004 16:41:35 -0500

Also, you should really never bind to AD supplying credentials without
adding AuthenticationTypes.Secure to your DirectoryEntry constructor.
Otherwise you are using simple bind and credentials are passed in clear text
over the network.

Additionally, it is always a good idea to call Dispose on all of the
IDisposable S.DS classes, DirectoryEntry, DirectorySearcher and
SearchResultCollection, or they will tend to leak memory. DirectoryEntry is
especially problematic because the Finalize method has a bug where it
doesn't release the underlying COM object (fixed in Whidbey). C# folks can
use the "using" construct.

Joe K.

"Ben Dewey" <ben.dewey@scientiae.com> wrote in message
news:%23bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...
> Fabrizio,
>
> Try the usr.Invoke("SetPassword", new object[]{"new password"});
>
> or I actually use:
>
> using System;
> using System.DirectoryServices;
>
> using ActiveDs;
>
> public static void ChangePassword(string username, string password)
> {
>     try
>     {
>         DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
>             LdapPassword);
>         DirectorySearcher search = new DirectorySearcher(de,
>             "(samAccountName=" + username + ")");
>         SearchResult result = search.FindOne();
>         DirectoryEntry user = result.GetDirectoryEntry();
>         // Set Password and Enable Account
>         IADsUser objUser = (IADsUser)user.NativeObject;
>         objUser.SetPassword(password);
>     }
>     catch(Exception exp)
>     {
>         throw exp;
>     }
> }
>
> This doesn't require you to know the old password and might help resolve
> your authentication issues. That is, assuming you are authenticating to AD
> successfully. Let me know if this helps. If not, what line are you getting
> the error message on?
>
>
> "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...
> > (Sorry for the crosspost, but I really don't know which is the right
> > newsgroup!)
> > Hi all,
> >
> > I try to change the password to a user that has to change the password at
> > first logon:
> > try
> > {
> >     DirectoryEntry de = new DirectoryEntry();
> >     de.AuthenticationType = AuthenticationTypes.ServerBind |
> >         AuthenticationTypes.Secure;
> >     de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> >     de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> >     de.Password = "fv";
> >     DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> >     SearchResult sr = ds.FindOne();
> >     DirectoryEntry usr = sr.GetDirectoryEntry();
> >     usr.Invoke("ChangePassword", new object[]{"fv","12345qwert"});
> >     usr.CommitChanges();
> > }
> > catch(Exception e)
> > {
> >     Console.WriteLine(e.Message);
> > }
> >
> > I get an exception that says "Logon failure: unknown user name or bad
> > password" and it seems to me that I have
> > no way either to change the password or to distinguish a wrong credential
> > error from an error due to a disabled account, a password expired.
> >
> > Do you have any suggestion to solve this problem?
> >
> > Thanks
> >
> > Fabrizio
> >
> >
>
>
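
An added example (not from the thread or its authors) applying the two points in Joe Kaplan's reply to the quoted SetPassword approach: a bind that passes AuthenticationTypes.Secure, and deterministic disposal of DirectoryEntry, DirectorySearcher and SearchResultCollection with "using". The class name, method names, parameters, the sample path and the filter-escaping helper are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdPasswordReset   // hypothetical class, not from the thread
{
    // Administrative reset of one account's password. All parameters are
    // assumptions supplied by the caller (e.g. ldapPath = "LDAP://dc=example,dc=com").
    public static void SetPassword(string ldapPath, string bindUser, string bindPassword,
                                   string samAccountName, string newPassword)
    {
        // Secure asks ADSI for a negotiated (Kerberos/NTLM) bind, so the bind
        // credentials are not sent as an LDAP simple bind in clear text.
        using (DirectoryEntry root = new DirectoryEntry(
                   ldapPath, bindUser, bindPassword, AuthenticationTypes.Secure))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // Escape the caller-supplied name before placing it in the filter.
            searcher.Filter = "(sAMAccountName=" + EscapeFilterValue(samAccountName) + ")";
            // FindAll returns a SearchResultCollection, which must be disposed too.
            using (SearchResultCollection results = searcher.FindAll())
            {
                if (results.Count != 1)
                    throw new InvalidOperationException(
                        "Expected exactly one match for " + samAccountName +
                        ", found " + results.Count);
                using (DirectoryEntry user = results[0].GetDirectoryEntry())
                {
                    // Same ADSI call as in the quoted post; old password not needed.
                    user.Invoke("SetPassword", new object[] { newPassword });
                }
            }
        }
    }

    // Escapes the characters that are special in an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat("\\{0:x2}", (int)c);
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}
```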