Re: Changing Password to an account that has to change password at first logon using System.DirectoryServices

From: Fabrizio Viggiani (xxxfabrizio_viggianixxx_at_xxxhotmail.com)
Date: 05/13/04


Date: Thu, 13 May 2004 11:02:05 +0200

Ciao Joe,

What can I use besides NetUserChangePassword?

Fabrizio

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eA5vlYDOEHA.3452@TK2MSFTNGP10.phx.gbl...
> SetPassword requires the Reset Password permission which is usually only
> given out to Admins and Account Operators. ChangePassword is usually given
> to regular users for their own objects.
>
> Unfortunately, ADSI won't let you bind with a user's credentials if they
> need to change the password at next login, so I don't think you can use ADSI
> to do what you want to do.
>
> Joe K.
>
> "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> news:uYDJiABOEHA.2468@TK2MSFTNGP11.phx.gbl...
> > Thanks Ben,
> > If the user must change password at next logon I got the same exception
> > executing the following line:
> > SearchResult result = search.FindOne();
> > otherwise if the user is not forced to change password, I got a
> > System.UnauthorizedAccessException ("Access is denied.")
> > executing the following line of code:
> > objUser.SetPassword("newpassword");
> >
> > This is different from using only DirectoryEntry:
> > DirectoryEntry de = new DirectoryEntry();
> > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > AuthenticationTypes.Secure;
> > de.Path = "LDAP://10.0.50.20/cn=fv,cn=users,dc=newtesthp,dc=com";
> > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > de.Password = "fv";
> > de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> > de.CommitChanges();
> > If the user must change password at next logon I always got the same
> > exception (Logon failure: unknown user name or bad password)
> > executing the following line:
> > de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> > otherwise if the user is not forced to change password, I am able to change
> > the password.
> >
> > I think that the only solution is, on failure, to try to change the password
> > with NetUserChangePassword.
> > This is not what I would have liked to do but I don't see any other solution.
> > What do you think about it?
> >
> > Fabrizio
> >
> >
> >
> >
> > "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> > news:#bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...
> > > Fabrizio,
> > >
> > > Try usr.Invoke("SetPassword", new object[]{"new password"});
> > >
> > > or I actually use:
> > >
> > > using System;
> > > using System.DirectoryServices;
> > >
> > > using ActiveDs;
> > >
> > > // LdapPath, LdapUser and LdapPassword are assumed to be members of the
> > > // enclosing class.
> > > public static void ChangePassword(string username, string password)
> > > {
> > >     try
> > >     {
> > >         DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > >             LdapPassword);
> > >         // Note: username is concatenated into the LDAP filter unescaped.
> > >         DirectorySearcher search = new DirectorySearcher(de,
> > >             "(samAccountName=" + username + ")");
> > >         SearchResult result = search.FindOne();
> > >         DirectoryEntry user = result.GetDirectoryEntry();
> > >         // Set Password and Enable Account
> > >         IADsUser objUser = (IADsUser)user.NativeObject;
> > >         objUser.SetPassword(password);
> > >     }
> > >     catch (Exception)
> > >     {
> > >         // Rethrow without resetting the stack trace.
> > >         throw;
> > >     }
> > > }
> > >
> > > This doesn't require you to know the old password and might help resolve
> > > your authentication issues. That is, assuming you are authenticating to AD
> > > successfully. Let me know if this helps. If not, what line are you getting
> > > the error message on?
> > >
> > >
> > > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...
> > > > (Sorry for the crosspost, but I really don't know which is the right
> > > > newsgroup!)
> > > > Hi all,
> > > >
> > > > I try to change the password to a user that has to change the password at
> > > > first logon:
> > > > try
> > > > {
> > > >     DirectoryEntry de = new DirectoryEntry();
> > > >     de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > >         AuthenticationTypes.Secure;
> > > >     de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > > >     de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > > >     de.Password = "fv";
> > > >     DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > > >     SearchResult sr = ds.FindOne();
> > > >     DirectoryEntry usr = sr.GetDirectoryEntry();
> > > >     usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > > >     usr.CommitChanges();
> > > > }
> > > > catch(Exception e)
> > > > {
> > > >     Console.WriteLine(e.Message);
> > > > }
> > > >
> > > > I get an exception that says "Logon failure: unknown user name or bad password"
> > > > and it seems to me that I have
> > > > no way either to change the password or to distinguish a wrong credential
> > > > error from an error due to a disabled account or an expired password.
> > > >
> > > > Do you have any suggestion to solve this problem?
> > > >
> > > > Thanks
> > > >
> > > > Fabrizio
> > > >
> > > >
> > >
> > >
> >
> >
>
>
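
The fallback Fabrizio proposes in the thread, calling NetUserChangePassword through P/Invoke and mapping its documented status codes to distinct messages so a wrong old password can be told apart from other failures, as an added example (not code from any poster in this thread). The class name, the console prompts and the command-line arguments are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

static class NetPasswordChange
{
    // netapi32.dll export; the caller supplies the old password with the request.
    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern uint NetUserChangePassword(
        string domainName, string userName, string oldPassword, string newPassword);
    // Documented return values of NetUserChangePassword.
    public static string Describe(uint status)
    {
        switch (status)
        {
            case 0:    return "NERR_Success: password changed";
            case 5:    return "ERROR_ACCESS_DENIED: access denied for this caller or account";
            case 86:   return "ERROR_INVALID_PASSWORD: old password is wrong";
            case 2221: return "NERR_UserNotFound: no such user";
            case 2226: return "NERR_NotPrimary: must run against the primary domain controller";
            case 2245: return "NERR_PasswordTooShort: new password fails length or policy";
            case 2351: return "NERR_InvalidComputer: domain or server name is invalid";
            default:   return new Win32Exception((int)status).Message;
        }
    }

    // Read a secret from the console without echoing it (no backspace handling).
    static string ReadSecret(string prompt)
    {
        Console.Write(prompt);
        StringBuilder sb = new StringBuilder();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter;
             k = Console.ReadKey(true))
            sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }

    // Hypothetical usage: <program> <domain-or-server> <user>
    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: <domain-or-server> <user>"); return 2; }
        uint status = NetUserChangePassword(args[0], args[1],
            ReadSecret("Old password: "), ReadSecret("New password: "));
        Console.WriteLine(Describe(status));
        return status == 0 ? 0 : 1;
    }
}
```

Passwords are read from the console rather than passed as arguments so they do not end up in process listings or shell history.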


