OWA ASP coding for the post to achg.asp


From: Sean M. Loftus (me)_at_loftus.org)
Date: 02/02/05


Date: Wed, 2 Feb 2005 14:55:11 -0500


 I have an issue with the way the code is manipulating the account after
posting to the "achg.asp" password change page, which is part of the
IISADMPWD package for OWA password changes. It appears to be using the WINNT
provider, which only looks at the NetBIOS name if I'm correct, and I need it
to use the LDAP provider. We have a large number of users whose accounts are
over 20 characters, and this presents a problem when we have to have users with
longer names use domain\account instead of the account@domain UPN like we
have told them to use. If the name is shorter, no problem, and if it's
domain\account, no problem; it's just longer names in the UPN format.

The relevant section of code is below and as you can see it does the WINNT
lookup. I know certain attributes are unavailable with WINNT (givenname, sn
etc.) as they don't exist with this provider.

Can anyone help with the conversion of the WINNT section of code to LDAP so
I can work around this limitation? If it helps, my users will never do a
domain\account style logon so it doesn't have to do the check for these two
in the code below and would be simpler...

Thanks,

 On Error resume next
 dim domain,posbs, posat, username, pUser, root

 domain = Trim(Request.Form("domain"))
 ' if no domain is present we try to get the domain from the username,
 ' e.g. domain\username or praesi@ultraschallpiloten.com

 if domain = "" then
  posbs = Instr(1,Request.Form("acct"),"\" )
  posat = Instr(1,Request.Form("acct"),"@" )
  if posbs > 0 then
   domain = Left(Request.Form("acct"),posbs-1)
   username = Right(Request.Form("acct"),len(Request.Form("acct")) - posbs)
  elseif posat > 0 then
   domain = Right(Request.Form("acct"),len(Request.Form("acct")) - posat)
   username = Left(Request.Form("acct"),posat-1)
  else
   username = Request.Form("acct")
   set nw = Server.CreateObject("WScript.Network")
   domain = nw.Computername
  end if
 else
  username = Trim(Request.Form("acct"))
 end if

 ' verify that the characters in the user name are valid
 if IsInvalidUsername(username) = true then
  Response.Write L_InvalidUsername_Text & "."
  Response.Write "<br><H3><a href=" & _
   Server.HTMLEncode(Request.ServerVariables("HTTP_REFERER")) & ">" & _
   L_Back_Text & " </a></H3>"
  Response.End
 end if

 ' verify that the characters in the domain name are valid
 if IsInvalidDomainname(domain) = true then
  Response.Write L_InvalidDomainname_Text & "."
  Response.Write "<br><H3><a href=" & _
   Server.HTMLEncode(Request.ServerVariables("HTTP_REFERER")) & ">" & _
   L_Back_Text & " </a></H3>"
  Response.End
 end if

 set pUser = GetObject("WinNT://" & username & "@" & domain & ",user")

' set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")
 if Not IsObject(pUser) then
  set root = GetObject("WinNT:")

  set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & _
   ",user", username, Request.Form("old"),1)
  Response.Write "<!--OpenDSObject call-->"
 end if

 if Not IsObject(pUser) then
  set pUser = Server.CreateObject("IIS.PwdChg")
  pUser.Domain = domain
  pUser.User = username
 end if

 if Not IsObject(pUser) then
  'Response.Write "domain <> null - OpenDSObject also failed"
  if err.number = -2147024843 then
   Response.Write L_NotExist_Text & "."
  else
   if err.description <> "" then
    Response.Write L_Error_Text & ": " & err.description
   else
    Response.Write L_Errornumber_Text & ": " & err.number
   end if
   Response.Write "<br><H3><a href=" & _
    Server.HTMLEncode(Request.ServerVariables("HTTP_REFERER")) & ">" & _
    L_Back_Text & " </a></H3>"
  end if
  Response.End
 end if

-- 
Sean M. Loftus
Enterprise Architect
Loftus Consulting, Inc.
www.LoftusConsulting.com
sean(removeme)@loftus.org
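
One way to do the lookup the post asks for, as an added example that is not part of the original post or of the IISADMPWD package: search Active Directory for the userPrincipalName, then bind to the resulting distinguishedName with the LDAP provider, so the result does not depend on the length of the part before the "@". The helper names (EscapeLdapFilter, FindUserDN, ChangePasswordByUpn) are hypothetical, and the example assumes the identity the page runs under is allowed to read the directory.

```vbscript
' Added example: hypothetical helpers, not code from achg.asp.

' Escape a value for an LDAP search filter (RFC 4515 characters), plus ";"
' because the ADO LDAP query dialect uses it as its field separator.
' Form input must never reach the filter unescaped.
Function EscapeLdapFilter(s)
  Dim i, c, out
  out = ""
  For i = 1 To Len(s)
    c = Mid(s, i, 1)
    Select Case c
      Case "\", "*", "(", ")", ";", Chr(0)
        out = out & "\" & Right("0" & Hex(Asc(c)), 2)
      Case Else
        out = out & c
    End Select
  Next
  EscapeLdapFilter = out
End Function

' Resolve account@domain to a distinguishedName.
' Returns "" unless exactly one user object matches.
Function FindUserDN(upn)
  Dim rootDse, conn, cmd, rs
  FindUserDN = ""
  Set rootDse = GetObject("LDAP://RootDSE")
  Set conn = CreateObject("ADODB.Connection")
  conn.Provider = "ADsDSOObject"
  conn.Open "Active Directory Provider"
  Set cmd = CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandText = "<LDAP://" & rootDse.Get("defaultNamingContext") & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(userPrincipalName=" & _
    EscapeLdapFilter(upn) & "));distinguishedName;subtree"
  Set rs = cmd.Execute
  If rs.RecordCount = 1 Then FindUserDN = rs.Fields("distinguishedName").Value
  rs.Close : conn.Close
End Function

' Bind by DN with the LDAP provider and change the password.
Function ChangePasswordByUpn(upn, oldPwd, newPwd)
  Dim dn, pUser
  ChangePasswordByUpn = False
  dn = FindUserDN(upn)
  If dn = "" Then Exit Function
  On Error Resume Next
  ' "/" is an ADsPath separator, so escape any that occur in the DN.
  Set pUser = GetObject("LDAP://" & Replace(dn, "/", "\/"))
  If Err.Number = 0 Then pUser.ChangePassword oldPwd, newPwd
  ChangePasswordByUpn = (Err.Number = 0)
  On Error GoTo 0
End Function
```

In the page above, ChangePasswordByUpn would be called with Trim(Request.Form("acct")) and Request.Form("old") after the existing IsInvalidUsername and IsInvalidDomainname checks have passed.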

