Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

Almost solved - Change Windows User Password through ASP

Hello there.
I want to be able to change the password of a Windows User through an ASP page using VBscript or Javascript. The idea is the user to give in three text boxes the username, the old password and the new password. If the old is correct the new must replace the old.
As a hint I give you the code I use to create users:

vbs file:
**************************************************
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objRootDSE = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://cn=Users," & _
objRootDSE.Get("defaultNamingContext"))

Set objLeaf = objContainer.Create("User", "cn=cup34_1")
objLeaf.Put "sAMAccountName", "cup34_1"
objLeaf.SetInfo
objLeaf.SetPassword "genesis1980"
objLeaf.Put "userPrincipalName", "cup34_1@genesis.com"
objLeaf.Put "userAccountControl",ADS_UF_DONT_EXPIRE_PASSWD
objLeaf.SetInfo
**************************************************
0
chrispkotsiopoulos
Asked:
chrispkotsiopoulos
  • 4
  • 3
1 Solution
 
chrispkotsiopoulosAuthor Commented:
Or the next best thing is someone to tell me why the .vbs below doesn't work:

Set usr = GetObject("LDAP://cn=foobar,cn=Users,dc=Microsoft,dc=com")
usr.SetPassword "topsecret98"
WScript.Echo "Password Changed!"

In order to run the above you have to be in front of a Domain Controler Win 2000 Server machine in the Active Directory.
0
 
chrispkotsiopoulosAuthor Commented:
I found a vbs script that does the job:
***********************************
Dim UserName
Dim UserDomain
UserDomain = InputBox("Enter the user's login domain name")
UserName = InputBox("Enter the user's login name")
Set User = GetObject("WinNT://"& UserDomain &"/"& UserName &"",user)

Dim NewPassword
NewPassword = InputBox("Enter new password")
Call User.SetPassword(NewPassword)

If err.number = 0 Then
    Wscript.Echo "The password change was successful."
Else
    Wscript.Echo "The password change failed!"
End if
***********************************

I tried to implement it in ASP like this:
change_passw1.htm:

***********************************
<form method="get" action="changepassword2.asp">
First Name: <input type="text" name="myusername">
<br />
Last Name: <input type="text" name="mypassword">
<br /><br />
<input type="submit" value="Submit">
</form>
***********************************

change_password2.asp:
***********************************
<body>
<%
Dim UserName
Dim UserDomain
UserDomain = "ariadni.gr"
UserName = request.querystring("myusername")
Set User = GetObject("WinNT://"& UserDomain &"/"& UserName &"",user)

Dim NewPassword
NewPassword = request.querystring("mypassword")

Call User.SetPassword(NewPassword)

If err.number = 0 Then
    Response.Write "The password change was successful."
Else
    Response.Write "The password change failed!"
End if
%>
</body>
***********************************

The problem is that I receive the following error message:
Active Directory error '80070005'
General access denied error
/kep/change_password2.asp, line 13

What's wrong with it?

I'm tired talking to myself...
0
 
lavinderCommented:
Hi chris

 ASP runs under account of machine user and that user does not has any right to modify the properties of any user. Therefore you get this error 80070005, which means : The user has insufficient access right.
 
 Therefore i suggest either you:

1) allow the machine user account permission to modify user properties (risky !!)
2) login with administrator's login and password, (OpenDSObject method) and change the password of user.

cheers!!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
lavinderCommented:
0
 
chrispkotsiopoulosAuthor Commented:
If I use javaScript instead of ASP will I solve the 'access denied' error?
0
 
lavinderCommented:
nope (answer to your last post)
0
 
chrispkotsiopoulosAuthor Commented:
Well...
I found it at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/passwords.asp

and I improve it like this:

***********************************
ChangePasswordEntry.asp

<%@ Language=VBScript %>

<HTML>
<HEAD>
</HEAD>

<SCRIPT>
function validate()
{
     if (document.frmLogin.txtNewPassword2.value!=document.frmLogin.txtNewPassword.value)
     {
       alert("Ïé êùäéêïß ðïõ Ýäùóåò äåí ôáéñéÜæïõí.")
       return false
     }

     return true
}
</SCRIPT>

<BODY>
<H1 align=center>CHANGE PASSWORD</H1>
<P>&nbsp;</P>
<P>Put User name and Password:</P>
<P>
<FORM action="ChangePassword1.asp" method=post id=frmLogin name=frmLogin onsubmit="return validate()">

<TABLE border=0 cellPadding=1 cellSpacing=1 width="75%">
 
  <TR>
    <TD>User Name</TD>
    <TD><INPUT id=txtUserName name=txtUserName
      style="HEIGHT: 25px; WIDTH: 365px">
</TD></TR>
  <TR>
    <TD>Existing Password</TD>
    <TD><INPUT id=txtPassword name=txtPassword
      type=password style="LEFT: 1px; TOP: 3px">
</TD></TR>
  <TR>
    <TD>New Password</TD>
    <TD><INPUT id=txtNewPassword name=txtNewPassword
      type=password>
</TD></TR>
  <TR>
    <TD>Confirm new password</TD>
    <TD><INPUT id=txtNewPassword2 name=txtNewPassword2
      type=password>
</TD></TR>
</TABLE></P>
<P><INPUT type="submit" value="Go!" id=submit1 name=submit1>&nbsp;
</P></FORM>
<P>&nbsp;</P>

</BODY>
</HTML>
****************************************************

ChangePassword1.asp:


<%@ Language=VBScript %>
<%

dim sUser, sPassword
dim oUser, sConnectString

sUser = request("txtUserName")
sPassword = request("txtPassword")
sNewPassword = request("txtNewPassword")
if sUser = "" then Response.Redirect "ChangePasswordEntry.asp"

On Error Resume Next
sConnectString = "WinNT://ariadni.gr/" & sUser & ",user"
Set oUser = GetObject(sConnectString)

oUser.ChangePassword sPassword, sNewPassword
set oUser = Nothing

If (err.number <> 0) Then
Response.Redirect "ChangePasswordEntry_error.asp"
else
Response.Write "Ï Êùäéêüò ÷ñÞóôç Üëëáîå ìå åðéôõ÷ßá"
end if

%>
***********************************************

ChangePasswordEntry_error.asp:
Same as ChangePasswordEntry.asp, instead of
<H1 align=center>CHANGE PASSWORD</H1> you put:
<H1 align=center>WRONG GIVEN PASSWORD - TRY AGAIN</H1>

Lavinder thanks for helping.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now