Re: Changing ADAM user password
- From: "compurhythms@xxxxxxxxx" <compurhythms@xxxxxxxxx>
- Date: 19 Jun 2006 12:54:28 -0700
Joe,
FastBind is causing some ADSI methods to be pruned (as described on
pages 89-90 of your book ;) So I can't call Invoke("ChangePassword",)
(I get a COM IDispatch error).
I've never added a raw SID to a role before, do I have to add it to the
ForeignSecurityPrincipals in the Configuration NC first? How would I
do that?
Mike
Joe Kaplan (MVP - ADSI) wrote:
I'd suggest either adding the FastBind flag (which might work here; not
sure) or just adding the authenticated users SID (<SID=S-1-5-8>) to the
Readers role. That way, you don't have to add each user individually.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<compurhythms@xxxxxxxxx> wrote in message
news:1150732879.477067.118130@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sorry, the full path to my user should read:
    string ldapPath = "LDAP://localhost:9389/CN=My User,OU=My Unit,DC=MYPARTITION,DC=ADAM";
Also, creating the directory entry should look like:
    DirectoryEntry changeEntry = new DirectoryEntry(ldapPath, userID, oldPassword, AuthenticationTypes.None);
compurhythms@xxxxxxxxx wrote:
I've got an existing ADAM user. I'm trying to change its password in
C#. I know the current password is set correctly because I can bind to
the instance via LDP with its credentials. Here is how I am trying to
change the password:
    string ldapPath = "LDAP://CN=My User,OU=My Unit,DC=MYPARTITION,DC=ADAM";
    string userID = "myUser"; // this is the userPrincipalName for my user's ADAM entry
    DirectoryEntry changeEntry = new DirectoryEntry(fullDN, userID, oldPassword, AuthenticationTypes.None);
    if (changeEntry != null)
    {
        // ** code fails on next line
        changeEntry.Options.PasswordEncoding = PasswordEncodingMethod.PasswordEncodingClear;
        changeEntry.Options.PasswordPort = 9389;
        changeEntry.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
    }
At the code marked "**" above, I get an exception "no such object on
the server".
Now this usually means one of two things:
1. The object really does not exist - It does in my case
2. There is a security issue accessing the entry
So #2 sounds more likely, but I'm providing the user's current
userPrincipalName and password to bind to the entry. Do I have to add
all my ADAM users to the "Readers" role just to allow them to change
passwords on their own object?
Mike