Re: Changing Password to an account that has to change password at first logon using System.DirectoryServices

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/12/04 

Date: Wed, 12 May 2004 10:31:05 -0500

SetPassword requires the Reset Password permission which is usually only
given out to Admins and Account Operators. ChangePassword is usually given
to regulars users for their own objects.

Unfortunately, ADSI won't let you bind with a user's credentials if they
need to change the password at next login, so I don't think you can use ADSI
to do what you want to do.

Joe K.

"Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
news:uYDJiABOEHA.2468@TK2MSFTNGP11.phx.gbl...
> Thanks Ben,
> If the user must change password at next logon I got the same exception
> executing the following line:
> SearchResult result = search.FindOne();
> otherwise if the user is not forced to change password, I got a
> System.UnauthorizedAccessException ("Access is denied.")
> executing the following line of code:
> objUser.SetPassword("newpassword");
>
> This is different from using only DirectoryEntry:
> DirectoryEntry de = new DirectoryEntry();
> de.AuthenticationType = AuthenticationTypes.ServerBind |
> AuthenticationTypes.Secure;
> de.Path = "LDAP://10.0.50.20/cn=fv,cn=users,dc=newtesthp,dc=com";
> de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> de.Password = "fv";
> de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> de.CommitChanges();
> If the user must change password at next logon I always got the same
> exception (Logon failure: unknown user name or bad password)
> executing the following line:
> de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> otherwise if the user is not forced to change password, I am able to
change
> the password.
>
> I think that the only solution is,on failure, to try to change the
password
> with NetUserChangePassword.
> This is not what I liked to do but I don't see any other solution.
> What do you think about it?
>
> Fabrizio
>
>
>
>
> "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> news:#bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...
> > Fabrizio,
> >
> > Try to the usr.Invoke('SetPassword', new object[]{"new password"});
> >
> > or I actually use:
> >
> > using System;
> > using System.DirectoryServices;
> >
> > using ActiveDs;
> >
> > public static void ChangePassword(string username, string password)
> > {
> > try
> > {
> > DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > LdapPassword);
> > DirectorySearcher search = new DirectorySearcher(de,
> > "(samAccountName=" + username+ ")");
> > SearchResult result = search.FindOne();
> > return new DsUser(result.GetDirectoryEntry());
> > // Set Password and Enable Account
> > IADsUser objUser = (IADsUser)user.NativeObject;
> > objUser.SetPassword(password);
> > }
> > catch(Exception exp)
> > {
> > throw exp;
> > }
> > }
> >
> > This doesn't require you have know the old password and might help
resolve
> > your authetication issues. That is, assuming you are authenticating to
AD
> > successfully. Let me know if this helps. If not, What line are you
> getting
> > the error message on.
> >
> >
> > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...
> > > (Sorry for the crosspost, but I really don't know which is the right
> > > newsgroup!)
> > > Hi all,
> > >
> > > I try to change the password to a user that as to change the password
at
> > > first logon:
> > > try
> > >
> > > {
> > >
> > > DirectoryEntry de = new DirectoryEntry();
> > >
> > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > AuthenticationTypes.Secure;
> > >
> > > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > >
> > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > >
> > > de.Password = "fv";
> > >
> > > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > >
> > > SearchResult sr = ds.FindOne();
> > >
> > > DirectoryEntry usr = sr.GetDirectoryEntry();
> > >
> > > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > >
> > > usr.CommitChanges();
> > >
> > > }
> > >
> > > catch(Exception e)
> > >
> > > {
> > >
> > > Console.WriteLine(e.Message);
> > >
> > > }
> > >
> > > I an exception that says "Logon failure: unknown user name or bad
> > password"
> > > and it seems to me that I have
> > > no way neither to change the password nor to distinguish a wrong
> > credential
> > > error from a an error due to a disabled account, a password expired.
> > >
> > > Do you have any suggestion to solve this problem.
> > >
> > > Thanks
> > >
> > > Fabrizio
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Changing Password to an account that has to change password at first logon using System.Director
    ... If the user must change password at next logon I got the same exception ... executing the following line of code: ... Fabrizio ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: You are not authorized to view this page
    ... AUTHORITY\SYSTEM BAY18 "Logon Failure: ... Logon Process: Kerberos ... Caller User Name: - ...
    (microsoft.public.inetserver.iis.security)
  • Re: MSExchangeSA errors
    ... Well of course there are logon failures on the exchange server, ... > Please check if there are some Logon Failure auditing events in the ... > in the Local Computer Policy or the Default Domain Policy. ...
    (microsoft.public.exchange.admin)
  • Re: MSExchangeSA errors
    ... Well of course there are logon failures on the exchange server, ... Please check if there are some Logon Failure auditing events in the ... The user has not been granted the requested logon type at this ...
    (microsoft.public.exchange.admin)
  • Re: event IDs 681, 529 and error code 3221225572
    ... context of the log) and say "That's a hacker". ... When examining logon failures, go to the workstation that is generating ... > the "Account Logon" ... > I receive dozens logon failure audits per day about logon ...
    (microsoft.public.win2000.security)