Re: VB NetAPI User Account Validation



LogonUser does a local logon for a user. It will therefore fail if the user
has not been granted the relevant logon type at the local machine. Thus in
your case, both userA@xxxxxxx and userB@xxxxxxx will need (network) logon
rights at the machine executing the LogonUser API. You can check this
through the Local Security Policy admin tool ("Access this computer from a
network").

Also, I'd recommend the UPN format (UPN for lpszUsername and null
lpszDomain).

"RC" <rc@xxxxxxxxxxx> wrote in message
news:%23JEb8uODGHA.1520@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> I now plan to design a program to validate a user account in several
> domains. The domains are connected by VPN, so they can communicate with each
> other. For example, domain controller "abc.com" has an account "userA" and
> domain controller "efg.com" has another account "userB". I use the following
> function to validate the account:
> Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" _
>     (ByVal lpszUsername As String, ByVal lpszDomain As String, _
>     ByVal lpszPassword As String, ByVal dwLogonType As Long, _
>     ByVal dwLogonProvider As Long, phToken As Long) As Long
>
> Yes, I now try to run the program on a machine which is a member of domain
> "abc.com" and logon as local administrator. I found that works fine for
> account "userA", however, it does not work for account "userB". I am sure
> the password of account "userB" is correct.
>
> The following are the parameter settings
>
> For logon "userA"
> ===========
> lpszUsername - "userA"
> lpszDomain - "abc.com"
> dwLogonType - LOGON32_LOGON_NETWORK
> dwLogonProvider - LOGON32_PROVIDER_DEFAULT
>
> For logon "userB"
> ===========
> lpszUsername - "userB"
> lpszDomain - "efg.com"
> dwLogonType - LOGON32_LOGON_NETWORK
> dwLogonProvider - LOGON32_PROVIDER_DEFAULT
>
> I know another tricky method from somewhere, using the function
> "NetUserChangePassword". But it does not seem to work for me either.
> It always returns error 1351 for either "abc.com" or "efg.com".
> ERROR: 1351 - Configuration information could not be read from the domain
> controller, either because the machine is unavailable, or access has been
> denied.
>
> Reference:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;187535#XSLTH3126121122120121120120
>
> The following is the code of both functions.
>
> LogonUser
> =======
> Private Function CheckWindowsUser(ByVal UserName As String, _
>         ByVal Password As String, Optional ByVal Domain As String) As Boolean
>     Dim hToken As Long, ret As Long
>
>     ' provide a default for the Domain name
>     If Len(Domain) = 0 Then Domain = vbNullString
>     ' check the username/password pair
>     ' using LOGON32_LOGON_NETWORK delivers the best performance
>     ret = LogonUser(UserName, Domain, Password, LOGON32_LOGON_NETWORK, _
>         LOGON32_PROVIDER_DEFAULT, hToken)
>
>     ' a non-zero value means success
>     If ret Then
>         CheckWindowsUser = True
>         CloseHandle hToken
>     End If
>
> End Function
>
> NetUserChangePassword
> ===============
> Private Function CheckWindowsUserA(ByVal UserName As String, _
>         ByVal Password As String, Optional ByVal Domain As String) As Boolean
>     On Error GoTo ErrHandle
>
>     Dim rtn As Long
>
>     rtn = NetUserChangePassword(StrConv(Domain, vbUnicode), _
>         StrConv(UserName, vbUnicode), StrConv(Password, vbUnicode), _
>         StrConv(Password, vbUnicode))
>     Select Case rtn
>         Case NERR_SUCCESS, NERR_PasswordCantChange, NERR_PasswordHistConflict, _
>                 NERR_PasswordTooShort, NERR_PasswordTooRecent
>             CheckWindowsUserA = True
>         Case Else
>             CheckWindowsUserA = False
>     End Select
>
>     Exit Function
> ErrHandle:
>     CheckWindowsUserA = False
> End Function
>
> Could anyone help? Or does anyone have an alternative method to solve my
> problem?
> Thanks.
>
> Regards,
> RC
>
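
The two points of the reply (UPN in lpszUsername with a null lpszDomain, and a logon right that may be missing on the calling machine) can be told apart in code by reading the Win32 error after a failed call. This is an added VB6 example, not code from either poster; ValidateUpn and its Reason parameter are hypothetical names, and the error constants are the standard winerror.h values.

```vb
' Added example (VB6), not code from the thread.
Option Explicit

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" ( _
    ByVal lpszUsername As String, ByVal lpszDomain As String, _
    ByVal lpszPassword As String, ByVal dwLogonType As Long, _
    ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" ( _
    ByVal hObject As Long) As Long

Private Const LOGON32_LOGON_NETWORK As Long = 3
Private Const LOGON32_PROVIDER_DEFAULT As Long = 0

' Win32 error codes (winerror.h)
Private Const ERROR_NO_LOGON_SERVERS As Long = 1311
Private Const ERROR_LOGON_FAILURE As Long = 1326
Private Const ERROR_LOGON_TYPE_NOT_GRANTED As Long = 1385

' Hypothetical helper: returns True only when the logon succeeds.
' Reason is a diagnostic for the administrator's log, not for the end user.
Public Function ValidateUpn(ByVal Upn As String, ByVal Password As String, _
        ByRef Reason As String) As Boolean
    Dim hToken As Long, lastErr As Long

    ' UPN in lpszUsername, null pointer (vbNullString) in lpszDomain
    If LogonUser(Upn, vbNullString, Password, LOGON32_LOGON_NETWORK, _
            LOGON32_PROVIDER_DEFAULT, hToken) <> 0 Then
        CloseHandle hToken          ' only validating; release the token at once
        Reason = "OK"
        ValidateUpn = True
        Exit Function
    End If

    lastErr = Err.LastDllError      ' read immediately after the failed call
    Select Case lastErr
        Case ERROR_LOGON_FAILURE
            Reason = "1326: unknown user name or bad password"
        Case ERROR_LOGON_TYPE_NOT_GRANTED
            Reason = "1385: account lacks the network logon right on this machine"
        Case ERROR_NO_LOGON_SERVERS
            Reason = "1311: no logon server reachable for the account's domain"
        Case Else
            Reason = CStr(lastErr) & ": logon refused for another reason"
    End Select
End Function
```

Every failure path returns False, so an account-state or policy error is never treated as a valid password; the Reason string only tells the operator whether to look at the credentials, the "Access this computer from a network" right, or connectivity to the other domain.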