Re: Validating Old Passwords Before Changing Them
- From: Alan <balasuar@xxxxxxxxx>
- Date: Fri, 1 Feb 2008 09:59:12 -0800 (PST)
On Jan 31, 6:21 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
You can't do an LDAP bind when the user's state is set to "user must change
password at next logon". In fact, I don't think you can call LogonUser
either. I'm not actually sure how GINA does this, but there does not seem
to be a straightforward way to take advantage of this OS features.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net
--"Alan" <balas...@xxxxxxxxx> wrote in message
news:62aa883b-1cd4-4cb0-8c68-7f3cf3dc6d04@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I'd like to write a custom logon control, and I've run into a snag
when trying to handle "User Must Change Password At Next Login"
I'd like to validate a users old/current password against the domain
before showing the user the form to change the password.
Doing an LDAP Bind() fails with the current creds.
Any Ideas how to accomplish this?
Thanks,
-Alan
Joe K,
Thanks for the reply.
LogonUser appears to work, in that it still returns non-zero, but
GetLastWin32Error() will return "ERROR_USER_MUST_CHANGE_PASSWORD" if
the password is valid, and the users password must change. I think
this is the only approach.
-Alan
.
- Follow-Ups:
- Re: Validating Old Passwords Before Changing Them
- From: Joe Kaplan
- Re: Validating Old Passwords Before Changing Them
- References:
- Validating Old Passwords Before Changing Them
- From: Alan
- Re: Validating Old Passwords Before Changing Them
- From: Joe Kaplan
- Validating Old Passwords Before Changing Them
- Prev by Date: Re: Global Catalog issues
- Next by Date: Re: Rescuing corrupted Default Domain Controller Policy
- Previous by thread: Re: Validating Old Passwords Before Changing Them
- Next by thread: Re: Validating Old Passwords Before Changing Them
- Index(es):
Relevant Pages
|
