
Setting a password on an AD account...

OK, I have code that I used in a standard windows app
that would create an account and then set the password.

I have taken that code and am using it in a Web App.

Here's the code:

user.CommitChanges();
user.Properties["userAccountControl"].Value = 0x200; //Normal user
user.Invoke("SetPassword", new object[] {szPassword});
//szPassword is a randomly generated complex password.
user.CommitChanges();

The code errors out on the user.Invoke line with an error of "The network
path was not found". Since I just created the account in AD and have verified
that the account is there, I don't get why I am getting that error.

If anyone has any thoughts they would be appreciated.
Feb 22 '07 #1
Make sure you are binding securely to the directory object using
"AuthenticationTypes.Secure".

Willy.

Feb 22 '07 #2
Will,

Thanks. I am definitely connecting with AuthenticationTypes.Secure.

Could it be the level of .NET?

Feb 22 '07 #3
Guess not.
How does your objectpath look (LDAP://....)? Please specify whether the server name is a
domain name or a DC name.
Is the client (machine) a member of the AD domain you are binding to?
What's the exact caller's context? Is this called from a console or a Windows application or
something else?
What's the exact Exception message? If possible, post a stack trace.
What happens when you don't set the password, are the objects created?

Willy.


Feb 22 '07 #4
Willy,

This is a Web App as I stated initially. The user does get created but is
disabled. No problems there.

DirectoryEntry parent = new DirectoryEntry(
    "LDAP://dc.mydomain.local/OU=MyOU,DC=mydomain,DC=local",
    szUsername,
    szPassword,
    AuthenticationTypes.Secure);

DirectoryEntry user = parent.Children.Add("CN=" + szFName + " " + szLName, "user");

using (user)
{
    // ....Set properties...
    user.CommitChanges();
    AdsUserFlags newValue = AdsUserFlags.NormalAccount;
    user.Properties["userAccountControl"].Value = newValue;
    user.Invoke("SetPassword", new object[] { szPassword });
    user.CommitChanges();
    user.Dispose();
    parent.Dispose();
}

The client is NOT a member of the domain. This code did work when it
was a Windows App.

Here are the errors:
ex.Message: Reason: Exception has been thrown by the target of an invocation.
ex.InnerException.Message: The network path was not found.

Thanks for the help.

Feb 22 '07 #5
Willy,

I forgot to include the stack trace.

" at System.RuntimeType.InvokeDispMethod(String name,
BindingFlags invokeAttr, Object target, Object[] args,
Boolean[] byrefModifiers, Int32 culture,
String[] namedParameters)\r\n

at System.RuntimeType.InvokeMember(String name,
BindingFlags invokeAttr, Binder binder, Object target,
Object[] args, ParameterModifier[] modifiers,
CultureInfo culture, String[] namedParameters)\r\n

at System.Type.InvokeMember(String name, BindingFlags
invokeAttr, Binder binder, Object target,
Object[] args)\r\n

at System.DirectoryServices.DirectoryEntry.Invoke
(String methodName, Object[] args)\r\n

at Project.FormName.btnCreateUser_ServerClick
(Object sender, EventArgs e) in
h:\\inetpub\\wwwroot\\Project\\secure\\FormName.aspx.cs:line 166"

Line 166 is the line where the password is set.

I hope that this helps.

Feb 22 '07 #6
See inline...

Willy.

"Joe" <Jo*@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
> Willy,
>
> This is a Web App as I stated initially. The user does get created but is
> disabled. No problems there.

Right, but this doesn't tell me about the "security context" of the web application.
Anyhow, I assume it's running in a restricted account (network service or aspnet) right?
You don't use SSL to bind, and as this runs from a server which is not a domain member (a
BAD thing if you ask me), Kerberos cannot be used to pass the password in a secured way
either.
That means that "SetPassword" will try Win32 API "NetUserSetInfo" to change the user's
password. Now, this one fails when the current user is not an administrator on the DC. So I
guess it works from a windows application started from a session which runs with
administrative privileges on the DC.

One solution is to use SSL with server certificates, or delegate the AD access stuff to a
COM+ server style application which runs as a Domain administrator, note that the latter
will need to be a "shadow account" as you are running this on a non-domain member.

> DirectoryEntry parent = new DirectoryEntry(
> "LDAP://dc.mydomain.local/OU=MyOU,DC=mydomain,DC=local",
> szUsername,
> szPassword,
> AuthenticationTypes.Secure);
>
> DirectoryEntry user = parent.Children.Add("CN=" + szFName + " " + szLName,
> "user");
>
> using(user)
> {
> ...Set properties...
> user.CommitChanges();
> AdsUserFlags newValue = AdsUserFlags.NormalAccount;
> user.Properties["userAccountControl"].Value = newValue;
> user.Invoke("SetPassword", new object[]{szPassword});
> user.CommitChanges();
> user.Dispose();
> parent.Dispose();
> }
>
> The client is NOT a member of the domain. This code did work when it
> was a Windows App.
>
> Here are the errors:
> ex.Message: Reason: Exception has been thrown by the target of an invocation.
> ex.InnerException.Message: The network path was not found.

Weird thing, this InnerException....

Willy.
Feb 22 '07 #7
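
The SSL option described in the reply above, shown as an added example that is not part of the original thread: the bind goes to the DC over LDAPS (port 636) so that SetPassword has an encrypted LDAP channel available instead of falling back to NetUserSetInfo. The class and method names are hypothetical, the host and OU are modeled on the path posted in the thread, and the DC is assumed to present a server certificate that the web server trusts.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

public static class AdPasswordExample   // hypothetical name, not from the thread
{
    // Assumed values modeled on the path posted in the thread; port 636 = LDAP over SSL.
    const string OuPath = "LDAP://dc.mydomain.local:636/OU=MyOU,DC=mydomain,DC=local";

    public static void CreateUser(string bindUser, string bindPwd,
                                  string commonName, string samName, string newPassword)
    {
        // Secure: negotiate authentication. SecureSocketsLayer: encrypt the channel.
        // ServerBind: the path names a specific DC rather than a domain.
        const AuthenticationTypes auth = AuthenticationTypes.Secure
                                       | AuthenticationTypes.SecureSocketsLayer
                                       | AuthenticationTypes.ServerBind;

        using (DirectoryEntry parent = new DirectoryEntry(OuPath, bindUser, bindPwd, auth))
        using (DirectoryEntry user = parent.Children.Add("CN=" + commonName, "user"))
        {
            user.Properties["sAMAccountName"].Value = samName;
            user.CommitChanges();   // the object now exists, still disabled

            try
            {
                // Takes effect on the server immediately; no CommitChanges needed.
                user.Invoke("SetPassword", new object[] { newPassword });
            }
            catch (TargetInvocationException ex)
            {
                // Invoke wraps the ADSI failure; surface the real cause
                // ("Access is denied", "The network path was not found", ...).
                throw new InvalidOperationException(
                    "SetPassword failed: " + ex.InnerException?.Message,
                    ex.InnerException);
            }

            // Enable the account only after the password is in place.
            user.Properties["userAccountControl"].Value = 0x200;   // normal account
            user.CommitChanges();
        }
    }
}
```

The bind account still needs the right to reset passwords on objects in the target OU; an encrypted channel does not replace that permission.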
Willy,

I misunderstood the question. The development box is not a part of the domain,
but when I run it on the webserver within the domain the error is: Access is
denied.

The account has full admin access.

I just want to verify that the code I am using does not have an error in it
that I am not seeing.

Thanks.
Feb 22 '07 #8
No, there is no error in it.
When you run this from a member server you need to make sure that the account specified when
binding has appropriate rights to "Set/Change" the user's password.

The following code will reset the user's password ...

// Requires: using System.DirectoryServices; using System.Reflection;
private static void SetPassword(string userPath)
{
    // bindUser and bindPwd hold the credentials of the account used to bind.
    using (DirectoryEntry userEntry = new DirectoryEntry(userPath, bindUser, bindPwd,
        AuthenticationTypes.Secure | AuthenticationTypes.ServerBind))
    {
        try
        {
            userEntry.Invoke("SetPassword", new object[] { "xxxkhljhghg" });
        }
        catch (TargetInvocationException ex)
        {
            // Invoke wraps the underlying ADSI error; rethrow the real cause.
            throw ex.InnerException;
        }
    }
}

given a userPath that points to a user object, and that bindUser and bindPwd refer to a
domain admin.

Willy.

Feb 22 '07 #9
Willy,

I think I found the error. I haven't corrected it yet, but at least it
gives me a place to look.

I am seeing this error whenever I try to set the password.

"Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this."

Feb 22 '07 #10
