Changing Password to an account that has to change password at first logon using System.DirectoryServices | | |
(Sorry for the crosspost, but I really don't know which is the right
newsgroup!)
Hi all,
I try to change the password to a user that as to change the password at
first logon:
try
{
DirectoryEntry de = new DirectoryEntry();
de.AuthenticationType = AuthenticationTypes.ServerBind |
AuthenticationTypes.Secure;
de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
de.Password = "fv";
DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
SearchResult sr = ds.FindOne();
DirectoryEntry usr = sr.GetDirectoryEntry();
usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
usr.CommitChanges();
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
I an exception that says "Logon failure: unknown user name or bad password"
and it seems to me that I have
no way neither to change the password nor to distinguish a wrong credential
error from a an error due to a disabled account, a password expired.
Do you have any suggestion to solve this problem.
Thanks
Fabrizio
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Fabrizio,
Try to the usr.Invoke('SetPassword', new object[]{"new password"});
or I actually use:
using System;
using System.DirectoryServices;
using ActiveDs;
public static void ChangePassword(string username, string password)
{
try
{
DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
LdapPassword);
DirectorySearcher search = new DirectorySearcher(de,
"(samAccountName=" + username+ ")");
SearchResult result = search.FindOne();
return new DsUser(result.GetDirectoryEntry());
// Set Password and Enable Account
IADsUser objUser = (IADsUser)user.NativeObject;
objUser.SetPassword(password);
}
catch(Exception exp)
{
throw exp;
}
}
This doesn't require you have know the old password and might help resolve
your authetication issues. That is, assuming you are authenticating to AD
successfully. Let me know if this helps. If not, What line are you getting
the error message on.
"Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=blue]
> (Sorry for the crosspost, but I really don't know which is the right
> newsgroup!)
> Hi all,
>
> I try to change the password to a user that as to change the password at
> first logon:
> try
>
> {
>
> DirectoryEntry de = new DirectoryEntry();
>
> de.AuthenticationType = AuthenticationTypes.ServerBind |
> AuthenticationTypes.Secure;
>
> de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
>
> de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
>
> de.Password = "fv";
>
> DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
>
> SearchResult sr = ds.FindOne();
>
> DirectoryEntry usr = sr.GetDirectoryEntry();
>
> usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
>
> usr.CommitChanges();
>
> }
>
> catch(Exception e)
>
> {
>
> Console.WriteLine(e.Message);
>
> }
>
> I an exception that says "Logon failure: unknown user name or bad[/color]
password"[color=blue]
> and it seems to me that I have
> no way neither to change the password nor to distinguish a wrong[/color]
credential[color=blue]
> error from a an error due to a disabled account, a password expired.
>
> Do you have any suggestion to solve this problem.
>
> Thanks
>
> Fabrizio
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Also, you should really never bind to AD supplying credentials without
adding AuthenticationTypes.Secure to your DirectoryEntry constructor.
Otherwise you are using simple bind and credentials are passed in clear text
over the network.
Additionally, it is always a good idea to call Dispose on all of the
IDisposable S.DS classes, DirectoryEntry, DirectorySearcher and
SearchResultCollection, or they will tend to leak memory. DirectoryEntry is
especially problematic because the Finalize method has a bug where it
doesn't release the underlying COM object (fixed in Whidbey). C# folks can
use the "using" construct.
Joe K.
"Ben Dewey" <ben.dewey@scientiae.com> wrote in message
news:%23bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...[color=blue]
> Fabrizio,
>
> Try to the usr.Invoke('SetPassword', new object[]{"new password"});
>
> or I actually use:
>
> using System;
> using System.DirectoryServices;
>
> using ActiveDs;
>
> public static void ChangePassword(string username, string password)
> {
> try
> {
> DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> LdapPassword);
> DirectorySearcher search = new DirectorySearcher(de,
> "(samAccountName=" + username+ ")");
> SearchResult result = search.FindOne();
> return new DsUser(result.GetDirectoryEntry());
> // Set Password and Enable Account
> IADsUser objUser = (IADsUser)user.NativeObject;
> objUser.SetPassword(password);
> }
> catch(Exception exp)
> {
> throw exp;
> }
> }
>
> This doesn't require you have know the old password and might help resolve
> your authetication issues. That is, assuming you are authenticating to AD
> successfully. Let me know if this helps. If not, What line are you[/color]
getting[color=blue]
> the error message on.
>
>
> "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=green]
> > (Sorry for the crosspost, but I really don't know which is the right
> > newsgroup!)
> > Hi all,
> >
> > I try to change the password to a user that as to change the password at
> > first logon:
> > try
> >
> > {
> >
> > DirectoryEntry de = new DirectoryEntry();
> >
> > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > AuthenticationTypes.Secure;
> >
> > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> >
> > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> >
> > de.Password = "fv";
> >
> > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> >
> > SearchResult sr = ds.FindOne();
> >
> > DirectoryEntry usr = sr.GetDirectoryEntry();
> >
> > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> >
> > usr.CommitChanges();
> >
> > }
> >
> > catch(Exception e)
> >
> > {
> >
> > Console.WriteLine(e.Message);
> >
> > }
> >
> > I an exception that says "Logon failure: unknown user name or bad[/color]
> password"[color=green]
> > and it seems to me that I have
> > no way neither to change the password nor to distinguish a wrong[/color]
> credential[color=green]
> > error from a an error due to a disabled account, a password expired.
> >
> > Do you have any suggestion to solve this problem.
> >
> > Thanks
> >
> > Fabrizio
> >
> >[/color]
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Thanks Ben,
If the user must change password at next logon I got the same exception
executing the following line:
SearchResult result = search.FindOne();
otherwise if the user is not forced to change password, I got a
System.UnauthorizedAccessException ("Access is denied.")
executing the following line of code:
objUser.SetPassword("newpassword");
This is different from using only DirectoryEntry:
DirectoryEntry de = new DirectoryEntry();
de.AuthenticationType = AuthenticationTypes.ServerBind |
AuthenticationTypes.Secure;
de.Path = "LDAP://10.0.50.20/cn=fv,cn=users,dc=newtesthp,dc=com";
de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
de.Password = "fv";
de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
de.CommitChanges();
If the user must change password at next logon I always got the same
exception (Logon failure: unknown user name or bad password)
executing the following line:
de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
otherwise if the user is not forced to change password, I am able to change
the password.
I think that the only solution is,on failure, to try to change the password
with NetUserChangePassword.
This is not what I liked to do but I don't see any other solution.
What do you think about it?
Fabrizio
"Ben Dewey" <ben.dewey@scientiae.com> wrote in message
news:#bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...[color=blue]
> Fabrizio,
>
> Try to the usr.Invoke('SetPassword', new object[]{"new password"});
>
> or I actually use:
>
> using System;
> using System.DirectoryServices;
>
> using ActiveDs;
>
> public static void ChangePassword(string username, string password)
> {
> try
> {
> DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> LdapPassword);
> DirectorySearcher search = new DirectorySearcher(de,
> "(samAccountName=" + username+ ")");
> SearchResult result = search.FindOne();
> return new DsUser(result.GetDirectoryEntry());
> // Set Password and Enable Account
> IADsUser objUser = (IADsUser)user.NativeObject;
> objUser.SetPassword(password);
> }
> catch(Exception exp)
> {
> throw exp;
> }
> }
>
> This doesn't require you have know the old password and might help resolve
> your authetication issues. That is, assuming you are authenticating to AD
> successfully. Let me know if this helps. If not, What line are you[/color]
getting[color=blue]
> the error message on.
>
>
> "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=green]
> > (Sorry for the crosspost, but I really don't know which is the right
> > newsgroup!)
> > Hi all,
> >
> > I try to change the password to a user that as to change the password at
> > first logon:
> > try
> >
> > {
> >
> > DirectoryEntry de = new DirectoryEntry();
> >
> > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > AuthenticationTypes.Secure;
> >
> > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> >
> > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> >
> > de.Password = "fv";
> >
> > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> >
> > SearchResult sr = ds.FindOne();
> >
> > DirectoryEntry usr = sr.GetDirectoryEntry();
> >
> > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> >
> > usr.CommitChanges();
> >
> > }
> >
> > catch(Exception e)
> >
> > {
> >
> > Console.WriteLine(e.Message);
> >
> > }
> >
> > I an exception that says "Logon failure: unknown user name or bad[/color]
> password"[color=green]
> > and it seems to me that I have
> > no way neither to change the password nor to distinguish a wrong[/color]
> credential[color=green]
> > error from a an error due to a disabled account, a password expired.
> >
> > Do you have any suggestion to solve this problem.
> >
> > Thanks
> >
> > Fabrizio
> >
> >[/color]
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Joe,
Along these lines, if you are using some ActiveDs Objects in C#, ie. SecUtil
and SecDescp Classes, what is the best way to dispose of them?
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OjV98C6NEHA.3348@TK2MSFTNGP09.phx.gbl...[color=blue]
> Also, you should really never bind to AD supplying credentials without
> adding AuthenticationTypes.Secure to your DirectoryEntry constructor.
> Otherwise you are using simple bind and credentials are passed in clear[/color]
text[color=blue]
> over the network.
>
> Additionally, it is always a good idea to call Dispose on all of the
> IDisposable S.DS classes, DirectoryEntry, DirectorySearcher and
> SearchResultCollection, or they will tend to leak memory. DirectoryEntry[/color]
is[color=blue]
> especially problematic because the Finalize method has a bug where it
> doesn't release the underlying COM object (fixed in Whidbey). C# folks[/color]
can[color=blue]
> use the "using" construct.
>
> Joe K.
>
> "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> news:%23bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...[color=green]
> > Fabrizio,
> >
> > Try to the usr.Invoke('SetPassword', new object[]{"new password"});
> >
> > or I actually use:
> >
> > using System;
> > using System.DirectoryServices;
> >
> > using ActiveDs;
> >
> > public static void ChangePassword(string username, string password)
> > {
> > try
> > {
> > DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > LdapPassword);
> > DirectorySearcher search = new DirectorySearcher(de,
> > "(samAccountName=" + username+ ")");
> > SearchResult result = search.FindOne();
> > return new DsUser(result.GetDirectoryEntry());
> > // Set Password and Enable Account
> > IADsUser objUser = (IADsUser)user.NativeObject;
> > objUser.SetPassword(password);
> > }
> > catch(Exception exp)
> > {
> > throw exp;
> > }
> > }
> >
> > This doesn't require you have know the old password and might help[/color][/color]
resolve[color=blue][color=green]
> > your authetication issues. That is, assuming you are authenticating to[/color][/color]
AD[color=blue][color=green]
> > successfully. Let me know if this helps. If not, What line are you[/color]
> getting[color=green]
> > the error message on.
> >
> >
> > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=darkred]
> > > (Sorry for the crosspost, but I really don't know which is the right
> > > newsgroup!)
> > > Hi all,
> > >
> > > I try to change the password to a user that as to change the password[/color][/color][/color]
at[color=blue][color=green][color=darkred]
> > > first logon:
> > > try
> > >
> > > {
> > >
> > > DirectoryEntry de = new DirectoryEntry();
> > >
> > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > AuthenticationTypes.Secure;
> > >
> > > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > >
> > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > >
> > > de.Password = "fv";
> > >
> > > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > >
> > > SearchResult sr = ds.FindOne();
> > >
> > > DirectoryEntry usr = sr.GetDirectoryEntry();
> > >
> > > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > >
> > > usr.CommitChanges();
> > >
> > > }
> > >
> > > catch(Exception e)
> > >
> > > {
> > >
> > > Console.WriteLine(e.Message);
> > >
> > > }
> > >
> > > I an exception that says "Logon failure: unknown user name or bad[/color]
> > password"[color=darkred]
> > > and it seems to me that I have
> > > no way neither to change the password nor to distinguish a wrong[/color]
> > credential[color=darkred]
> > > error from a an error due to a disabled account, a password expired.
> > >
> > > Do you have any suggestion to solve this problem.
> > >
> > > Thanks
> > >
> > > Fabrizio
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
That is a good question which is probably better posed to the interop
newsgroup than anywhere else. My assumption is that that CCW takes care of
that for you, but I don't know for sure.
Joe K.
"Ben Dewey" <AspiringMVP@hotmail.com> wrote in message
news:e%23blmCCOEHA.540@TK2MSFTNGP11.phx.gbl...[color=blue]
> Joe,
>
> Along these lines, if you are using some ActiveDs Objects in C#, ie.[/color]
SecUtil[color=blue]
> and SecDescp Classes, what is the best way to dispose of them?
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:OjV98C6NEHA.3348@TK2MSFTNGP09.phx.gbl...[color=green]
> > Also, you should really never bind to AD supplying credentials without
> > adding AuthenticationTypes.Secure to your DirectoryEntry constructor.
> > Otherwise you are using simple bind and credentials are passed in clear[/color]
> text[color=green]
> > over the network.
> >
> > Additionally, it is always a good idea to call Dispose on all of the
> > IDisposable S.DS classes, DirectoryEntry, DirectorySearcher and
> > SearchResultCollection, or they will tend to leak memory.[/color][/color]
DirectoryEntry[color=blue]
> is[color=green]
> > especially problematic because the Finalize method has a bug where it
> > doesn't release the underlying COM object (fixed in Whidbey). C# folks[/color]
> can[color=green]
> > use the "using" construct.
> >
> > Joe K.
> >
> > "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> > news:%23bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...[color=darkred]
> > > Fabrizio,
> > >
> > > Try to the usr.Invoke('SetPassword', new object[]{"new password"});
> > >
> > > or I actually use:
> > >
> > > using System;
> > > using System.DirectoryServices;
> > >
> > > using ActiveDs;
> > >
> > > public static void ChangePassword(string username, string password)
> > > {
> > > try
> > > {
> > > DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > > LdapPassword);
> > > DirectorySearcher search = new DirectorySearcher(de,
> > > "(samAccountName=" + username+ ")");
> > > SearchResult result = search.FindOne();
> > > return new DsUser(result.GetDirectoryEntry());
> > > // Set Password and Enable Account
> > > IADsUser objUser = (IADsUser)user.NativeObject;
> > > objUser.SetPassword(password);
> > > }
> > > catch(Exception exp)
> > > {
> > > throw exp;
> > > }
> > > }
> > >
> > > This doesn't require you have know the old password and might help[/color][/color]
> resolve[color=green][color=darkred]
> > > your authetication issues. That is, assuming you are authenticating[/color][/color][/color]
to[color=blue]
> AD[color=green][color=darkred]
> > > successfully. Let me know if this helps. If not, What line are you[/color]
> > getting[color=darkred]
> > > the error message on.
> > >
> > >
> > > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...
> > > > (Sorry for the crosspost, but I really don't know which is the right
> > > > newsgroup!)
> > > > Hi all,
> > > >
> > > > I try to change the password to a user that as to change the[/color][/color][/color]
password[color=blue]
> at[color=green][color=darkred]
> > > > first logon:
> > > > try
> > > >
> > > > {
> > > >
> > > > DirectoryEntry de = new DirectoryEntry();
> > > >
> > > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > > AuthenticationTypes.Secure;
> > > >
> > > > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > > >
> > > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > > >
> > > > de.Password = "fv";
> > > >
> > > > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > > >
> > > > SearchResult sr = ds.FindOne();
> > > >
> > > > DirectoryEntry usr = sr.GetDirectoryEntry();
> > > >
> > > > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > > >
> > > > usr.CommitChanges();
> > > >
> > > > }
> > > >
> > > > catch(Exception e)
> > > >
> > > > {
> > > >
> > > > Console.WriteLine(e.Message);
> > > >
> > > > }
> > > >
> > > > I an exception that says "Logon failure: unknown user name or bad
> > > password"
> > > > and it seems to me that I have
> > > > no way neither to change the password nor to distinguish a wrong
> > > credential
> > > > error from a an error due to a disabled account, a password expired.
> > > >
> > > > Do you have any suggestion to solve this problem.
> > > >
> > > > Thanks
> > > >
> > > > Fabrizio
> > > >
> > > >
> > >
> > >[/color]
> >
> >[/color]
>
>[/color] | | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
SetPassword requires the Reset Password permission which is usually only
given out to Admins and Account Operators. ChangePassword is usually given
to regulars users for their own objects.
Unfortunately, ADSI won't let you bind with a user's credentials if they
need to change the password at next login, so I don't think you can use ADSI
to do what you want to do.
Joe K.
"Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
news:uYDJiABOEHA.2468@TK2MSFTNGP11.phx.gbl...[color=blue]
> Thanks Ben,
> If the user must change password at next logon I got the same exception
> executing the following line:
> SearchResult result = search.FindOne();
> otherwise if the user is not forced to change password, I got a
> System.UnauthorizedAccessException ("Access is denied.")
> executing the following line of code:
> objUser.SetPassword("newpassword");
>
> This is different from using only DirectoryEntry:
> DirectoryEntry de = new DirectoryEntry();
> de.AuthenticationType = AuthenticationTypes.ServerBind |
> AuthenticationTypes.Secure;
> de.Path = "LDAP://10.0.50.20/cn=fv,cn=users,dc=newtesthp,dc=com";
> de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> de.Password = "fv";
> de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> de.CommitChanges();
> If the user must change password at next logon I always got the same
> exception (Logon failure: unknown user name or bad password)
> executing the following line:
> de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> otherwise if the user is not forced to change password, I am able to[/color]
change[color=blue]
> the password.
>
> I think that the only solution is,on failure, to try to change the[/color]
password[color=blue]
> with NetUserChangePassword.
> This is not what I liked to do but I don't see any other solution.
> What do you think about it?
>
> Fabrizio
>
>
>
>
> "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> news:#bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...[color=green]
> > Fabrizio,
> >
> > Try to the usr.Invoke('SetPassword', new object[]{"new password"});
> >
> > or I actually use:
> >
> > using System;
> > using System.DirectoryServices;
> >
> > using ActiveDs;
> >
> > public static void ChangePassword(string username, string password)
> > {
> > try
> > {
> > DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > LdapPassword);
> > DirectorySearcher search = new DirectorySearcher(de,
> > "(samAccountName=" + username+ ")");
> > SearchResult result = search.FindOne();
> > return new DsUser(result.GetDirectoryEntry());
> > // Set Password and Enable Account
> > IADsUser objUser = (IADsUser)user.NativeObject;
> > objUser.SetPassword(password);
> > }
> > catch(Exception exp)
> > {
> > throw exp;
> > }
> > }
> >
> > This doesn't require you have know the old password and might help[/color][/color]
resolve[color=blue][color=green]
> > your authetication issues. That is, assuming you are authenticating to[/color][/color]
AD[color=blue][color=green]
> > successfully. Let me know if this helps. If not, What line are you[/color]
> getting[color=green]
> > the error message on.
> >
> >
> > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=darkred]
> > > (Sorry for the crosspost, but I really don't know which is the right
> > > newsgroup!)
> > > Hi all,
> > >
> > > I try to change the password to a user that as to change the password[/color][/color][/color]
at[color=blue][color=green][color=darkred]
> > > first logon:
> > > try
> > >
> > > {
> > >
> > > DirectoryEntry de = new DirectoryEntry();
> > >
> > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > AuthenticationTypes.Secure;
> > >
> > > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > >
> > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > >
> > > de.Password = "fv";
> > >
> > > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > >
> > > SearchResult sr = ds.FindOne();
> > >
> > > DirectoryEntry usr = sr.GetDirectoryEntry();
> > >
> > > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > >
> > > usr.CommitChanges();
> > >
> > > }
> > >
> > > catch(Exception e)
> > >
> > > {
> > >
> > > Console.WriteLine(e.Message);
> > >
> > > }
> > >
> > > I an exception that says "Logon failure: unknown user name or bad[/color]
> > password"[color=darkred]
> > > and it seems to me that I have
> > > no way neither to change the password nor to distinguish a wrong[/color]
> > credential[color=darkred]
> > > error from a an error due to a disabled account, a password expired.
> > >
> > > Do you have any suggestion to solve this problem.
> > >
> > > Thanks
> > >
> > > Fabrizio
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Ciao Joe,
What can I use beside NetUserChangePassword?
Fabrizio
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eA5vlYDOEHA.3452@TK2MSFTNGP10.phx.gbl...[color=blue]
> SetPassword requires the Reset Password permission which is usually only
> given out to Admins and Account Operators. ChangePassword is usually[/color]
given[color=blue]
> to regulars users for their own objects.
>
> Unfortunately, ADSI won't let you bind with a user's credentials if they
> need to change the password at next login, so I don't think you can use[/color]
ADSI[color=blue]
> to do what you want to do.
>
> Joe K.
>
> "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> news:uYDJiABOEHA.2468@TK2MSFTNGP11.phx.gbl...[color=green]
> > Thanks Ben,
> > If the user must change password at next logon I got the same exception
> > executing the following line:
> > SearchResult result = search.FindOne();
> > otherwise if the user is not forced to change password, I got a
> > System.UnauthorizedAccessException ("Access is denied.")
> > executing the following line of code:
> > objUser.SetPassword("newpassword");
> >
> > This is different from using only DirectoryEntry:
> > DirectoryEntry de = new DirectoryEntry();
> > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > AuthenticationTypes.Secure;
> > de.Path = "LDAP://10.0.50.20/cn=fv,cn=users,dc=newtesthp,dc=com";
> > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > de.Password = "fv";
> > de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> > de.CommitChanges();
> > If the user must change password at next logon I always got the same
> > exception (Logon failure: unknown user name or bad password)
> > executing the following line:
> > de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> > otherwise if the user is not forced to change password, I am able to[/color]
> change[color=green]
> > the password.
> >
> > I think that the only solution is,on failure, to try to change the[/color]
> password[color=green]
> > with NetUserChangePassword.
> > This is not what I liked to do but I don't see any other solution.
> > What do you think about it?
> >
> > Fabrizio
> >
> >
> >
> >
> > "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> > news:#bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...[color=darkred]
> > > Fabrizio,
> > >
> > > Try to the usr.Invoke('SetPassword', new object[]{"new password"});
> > >
> > > or I actually use:
> > >
> > > using System;
> > > using System.DirectoryServices;
> > >
> > > using ActiveDs;
> > >
> > > public static void ChangePassword(string username, string password)
> > > {
> > > try
> > > {
> > > DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > > LdapPassword);
> > > DirectorySearcher search = new DirectorySearcher(de,
> > > "(samAccountName=" + username+ ")");
> > > SearchResult result = search.FindOne();
> > > return new DsUser(result.GetDirectoryEntry());
> > > // Set Password and Enable Account
> > > IADsUser objUser = (IADsUser)user.NativeObject;
> > > objUser.SetPassword(password);
> > > }
> > > catch(Exception exp)
> > > {
> > > throw exp;
> > > }
> > > }
> > >
> > > This doesn't require you have know the old password and might help[/color][/color]
> resolve[color=green][color=darkred]
> > > your authetication issues. That is, assuming you are authenticating[/color][/color][/color]
to[color=blue]
> AD[color=green][color=darkred]
> > > successfully. Let me know if this helps. If not, What line are you[/color]
> > getting[color=darkred]
> > > the error message on.
> > >
> > >
> > > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...
> > > > (Sorry for the crosspost, but I really don't know which is the right
> > > > newsgroup!)
> > > > Hi all,
> > > >
> > > > I try to change the password to a user that as to change the[/color][/color][/color]
password[color=blue]
> at[color=green][color=darkred]
> > > > first logon:
> > > > try
> > > >
> > > > {
> > > >
> > > > DirectoryEntry de = new DirectoryEntry();
> > > >
> > > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > > AuthenticationTypes.Secure;
> > > >
> > > > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > > >
> > > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > > >
> > > > de.Password = "fv";
> > > >
> > > > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > > >
> > > > SearchResult sr = ds.FindOne();
> > > >
> > > > DirectoryEntry usr = sr.GetDirectoryEntry();
> > > >
> > > > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > > >
> > > > usr.CommitChanges();
> > > >
> > > > }
> > > >
> > > > catch(Exception e)
> > > >
> > > > {
> > > >
> > > > Console.WriteLine(e.Message);
> > > >
> > > > }
> > > >
> > > > I an exception that says "Logon failure: unknown user name or bad
> > > password"
> > > > and it seems to me that I have
> > > > no way neither to change the password nor to distinguish a wrong
> > > credential
> > > > error from a an error due to a disabled account, a password expired.
> > > >
> > > > Do you have any suggestion to solve this problem.
> > > >
> > > > Thanks
> > > >
> > > > Fabrizio
> > > >
> > > >
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
That is a good question. I imagine there is a way to do this through the
SSPI API, but I honestly don't know what you are supposed to do in this case
except actually log into Windows and let it tell you that you have to change
your password.
NetUserChangePassword may be hard to pull off from a web application too due
to the security context requirements.
Maybe someone else has a good idea?
Joe K.
"Fabrizio Viggiani" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in
message news:40a33a70@usenet01.boi.hp.com...[color=blue]
> Ciao Joe,
>
> What can I use beside NetUserChangePassword?
>
> Fabrizio
>
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:eA5vlYDOEHA.3452@TK2MSFTNGP10.phx.gbl...[color=green]
> > SetPassword requires the Reset Password permission which is usually only
> > given out to Admins and Account Operators. ChangePassword is usually[/color]
> given[color=green]
> > to regulars users for their own objects.
> >
> > Unfortunately, ADSI won't let you bind with a user's credentials if they
> > need to change the password at next login, so I don't think you can use[/color]
> ADSI[color=green]
> > to do what you want to do.
> >
> > Joe K.
> >
> > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > news:uYDJiABOEHA.2468@TK2MSFTNGP11.phx.gbl...[color=darkred]
> > > Thanks Ben,
> > > If the user must change password at next logon I got the same[/color][/color][/color]
exception[color=blue][color=green][color=darkred]
> > > executing the following line:
> > > SearchResult result = search.FindOne();
> > > otherwise if the user is not forced to change password, I got a
> > > System.UnauthorizedAccessException ("Access is denied.")
> > > executing the following line of code:
> > > objUser.SetPassword("newpassword");
> > >
> > > This is different from using only DirectoryEntry:
> > > DirectoryEntry de = new DirectoryEntry();
> > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > AuthenticationTypes.Secure;
> > > de.Path = "LDAP://10.0.50.20/cn=fv,cn=users,dc=newtesthp,dc=com";
> > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > > de.Password = "fv";
> > > de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> > > de.CommitChanges();
> > > If the user must change password at next logon I always got the same
> > > exception (Logon failure: unknown user name or bad password)
> > > executing the following line:
> > > de.Invoke("changepassword",new object[]{"fv","q1w2q1w2q1"});
> > > otherwise if the user is not forced to change password, I am able to[/color]
> > change[color=darkred]
> > > the password.
> > >
> > > I think that the only solution is,on failure, to try to change the[/color]
> > password[color=darkred]
> > > with NetUserChangePassword.
> > > This is not what I liked to do but I don't see any other solution.
> > > What do you think about it?
> > >
> > > Fabrizio
> > >
> > >
> > >
> > >
> > > "Ben Dewey" <ben.dewey@scientiae.com> wrote in message
> > > news:#bTbma4NEHA.556@TK2MSFTNGP10.phx.gbl...
> > > > Fabrizio,
> > > >
> > > > Try to the usr.Invoke('SetPassword', new object[]{"new password"});
> > > >
> > > > or I actually use:
> > > >
> > > > using System;
> > > > using System.DirectoryServices;
> > > >
> > > > using ActiveDs;
> > > >
> > > > public static void ChangePassword(string username, string password)
> > > > {
> > > > try
> > > > {
> > > > DirectoryEntry de = new DirectoryEntry(LdapPath, LdapUser,
> > > > LdapPassword);
> > > > DirectorySearcher search = new DirectorySearcher(de,
> > > > "(samAccountName=" + username+ ")");
> > > > SearchResult result = search.FindOne();
> > > > return new DsUser(result.GetDirectoryEntry());
> > > > // Set Password and Enable Account
> > > > IADsUser objUser = (IADsUser)user.NativeObject;
> > > > objUser.SetPassword(password);
> > > > }
> > > > catch(Exception exp)
> > > > {
> > > > throw exp;
> > > > }
> > > > }
> > > >
> > > > This doesn't require you have know the old password and might help[/color]
> > resolve[color=darkred]
> > > > your authetication issues. That is, assuming you are authenticating[/color][/color]
> to[color=green]
> > AD[color=darkred]
> > > > successfully. Let me know if this helps. If not, What line are you
> > > getting
> > > > the error message on.
> > > >
> > > >
> > > > "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> > > > news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...
> > > > > (Sorry for the crosspost, but I really don't know which is the[/color][/color][/color]
right[color=blue][color=green][color=darkred]
> > > > > newsgroup!)
> > > > > Hi all,
> > > > >
> > > > > I try to change the password to a user that as to change the[/color][/color]
> password[color=green]
> > at[color=darkred]
> > > > > first logon:
> > > > > try
> > > > >
> > > > > {
> > > > >
> > > > > DirectoryEntry de = new DirectoryEntry();
> > > > >
> > > > > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > > > > AuthenticationTypes.Secure;
> > > > >
> > > > > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> > > > >
> > > > > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> > > > >
> > > > > de.Password = "fv";
> > > > >
> > > > > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> > > > >
> > > > > SearchResult sr = ds.FindOne();
> > > > >
> > > > > DirectoryEntry usr = sr.GetDirectoryEntry();
> > > > >
> > > > > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> > > > >
> > > > > usr.CommitChanges();
> > > > >
> > > > > }
> > > > >
> > > > > catch(Exception e)
> > > > >
> > > > > {
> > > > >
> > > > > Console.WriteLine(e.Message);
> > > > >
> > > > > }
> > > > >
> > > > > I an exception that says "Logon failure: unknown user name or bad
> > > > password"
> > > > > and it seems to me that I have
> > > > > no way neither to change the password nor to distinguish a wrong
> > > > credential
> > > > > error from a an error due to a disabled account, a password[/color][/color][/color]
expired.[color=blue][color=green][color=darkred]
> > > > >
> > > > > Do you have any suggestion to solve this problem.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Fabrizio
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Forgot to mention, I'm using ADAM here. Anyone?
"Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=blue]
> (Sorry for the crosspost, but I really don't know which is the right
> newsgroup!)
> Hi all,
>
> I try to change the password to a user that as to change the password at
> first logon:
> try
>
> {
>
> DirectoryEntry de = new DirectoryEntry();
>
> de.AuthenticationType = AuthenticationTypes.ServerBind |
> AuthenticationTypes.Secure;
>
> de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
>
> de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
>
> de.Password = "fv";
>
> DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
>
> SearchResult sr = ds.FindOne();
>
> DirectoryEntry usr = sr.GetDirectoryEntry();
>
> usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
>
> usr.CommitChanges();
>
> }
>
> catch(Exception e)
>
> {
>
> Console.WriteLine(e.Message);
>
> }
>
> I an exception that says "Logon failure: unknown user name or bad[/color]
password"[color=blue]
> and it seems to me that I have
> no way neither to change the password nor to distinguish a wrong[/color]
credential[color=blue]
> error from a an error due to a disabled account, a password expired.
>
> Do you have any suggestion to solve this problem.
>
> Thanks
>
> Fabrizio
>
>[/color]
| | | | re: Changing Password to an account that has to change password at first logon using System.DirectoryServices
Oops sorry.., posted to wrong question.
"Henry" <ignhenry@hotmail.com> wrote in message
news:uwNsJQ3XEHA.2908@TK2MSFTNGP10.phx.gbl...[color=blue]
> Forgot to mention, I'm using ADAM here. Anyone?
>
> "Fabrizio" <xxxfabrizio_viggianixxx@xxxhotmail.com> wrote in message
> news:eL6C833NEHA.680@TK2MSFTNGP11.phx.gbl...[color=green]
> > (Sorry for the crosspost, but I really don't know which is the right
> > newsgroup!)
> > Hi all,
> >
> > I try to change the password to a user that as to change the password at
> > first logon:
> > try
> >
> > {
> >
> > DirectoryEntry de = new DirectoryEntry();
> >
> > de.AuthenticationType = AuthenticationTypes.ServerBind |
> > AuthenticationTypes.Secure;
> >
> > de.Path = "LDAP://10.0.50.20/cn=users,dc=newtesthp,dc=com";
> >
> > de.Username = "cn=fv,cn=users,dc=newtesthp,dc=com";
> >
> > de.Password = "fv";
> >
> > DirectorySearcher ds = new DirectorySearcher(de, "cn=fv");
> >
> > SearchResult sr = ds.FindOne();
> >
> > DirectoryEntry usr = sr.GetDirectoryEntry();
> >
> > usr.Invoke("ChangePassword",new object[]{"fv","12345qwert"});
> >
> > usr.CommitChanges();
> >
> > }
> >
> > catch(Exception e)
> >
> > {
> >
> > Console.WriteLine(e.Message);
> >
> > }
> >
> > I an exception that says "Logon failure: unknown user name or bad[/color]
> password"[color=green]
> > and it seems to me that I have
> > no way neither to change the password nor to distinguish a wrong[/color]
> credential[color=green]
> > error from a an error due to a disabled account, a password expired.
> >
> > Do you have any suggestion to solve this problem.
> >
> > Thanks
> >
> > Fabrizio
> >
> >[/color]
>
>[/color]
|  |
Similar C# / C Sharp bytes | | |  /bytes/about
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 226,471 network members.
|
