Reset Active Directory Password

I have Windows 2003 server and 2000 AD.  I am running IIS 6.  I am trying to reset a password using some of the sample code found on this site but I can't get it to work.  I can't even create the object below:

set usr = GetObject("LDAP://CN=rfulcher,CN=Users,DC=company,DC=local")

All I get is a 500 internal error.
Do this to see specific error messages
Tools -> Internet Options
Go to "Advanced" tab.
Make sure "Show friendly HTTP error messages" is UNCHECKED.

Run the page again.
rfulcher (Author) Commented:
The error I get now is

error '80072030'
/ChangePass/Changepass.asp, line 30

Which corresponds to this line.

Are these values your server values or were they taken from your sample code? - "LDAP://CN=rfulcher,CN=Users,DC=company,DC=local"

One of the most handy tools for this stuff is adsiedit. If you don't have it, you can install it from the Windows CD under SystemTools.
rfulcher (Author) Commented:
I am taking a look at both things posted.  The values that I posted are the ones that I used except company was my company.  
rfulcher (Author) Commented:
I have used the adsiedit tool to look at the structure.  I can now get past that line because I have a connection like this:

set usr = GetObject("LDAP://CN=Robert Fulcher,OU=MIS,OU=CH,DC=Company,DC=Local")

The issue is that I have many OUs at the MIS level and can only get this to come back if I specify it this way.  Is there any way to have it search for this so I can pull the info back more easily?
rfulcher (Author) Commented:
I need to reset the password. Here is what I am trying to do:

usr.ChangePassword "oldpass", "newpass"

This is the error I am getting:

Active Directory error '8000500c'

The directory datatype cannot be converted to/from a native DS datatype

/ChangePass/Changepass.asp, line 36
This is how you might do a search. This includes creating a SQL style query along with looping through the results.

Give this a go:
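            ' Container to search; the domain DN is read from RootDSE
            m_cOrganUnit = "CN=Users"
            Set objRoot = GetObject("LDAP://RootDSE")
            sDomainPath = objRoot.Get("DefaultNamingContext")
            ' The ADSI OLE DB provider lets ADO query the directory
            Set con = Server.CreateObject("ADODB.Connection")
            con.Provider = "ADsDSOObject"
            con.Open "Active Directory Provider"
            Set Com = Server.CreateObject("ADODB.Command")
            Set Com.ActiveConnection = con
            Set rstemp = Server.CreateObject("ADODB.Recordset")
            Com.CommandText = "select name, sAMAccountname from 'LDAP://" & m_cOrganUnit & "," & sDomainPath & "'"
            Set rstemp = Com.Execute
            ' Loop through the results, HTML-encoding directory values before output
            Do While Not rstemp.EOF
                Response.Write Server.HTMLEncode(rstemp("name") & " (" & rstemp("sAMAccountname") & ")") & "<br>"
                rstemp.MoveNext
            Loop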

You can just loop through the results like this. I've used "name, sAMAccountname" but you can find any other field (like "mail" etc) that you can see under properties in adsiedit. At the same time, you can put things at the end of the CommandText like " Where name='Robert Fulcher'".

I'm not sure if you've seen this but it has a few clues about the error you're getting on changing the password. Ignore the way they are looking up the information as I found it cumbersome.

The IADsUser::ChangePassword method changes the user password from the specified old value to a new value.

HRESULT ChangePassword(
  BSTR bstrOldPassword,
  BSTR bstrNewPassword
);

bstrOldPassword
[in] A BSTR that contains the current password.
bstrNewPassword
[out] A BSTR that contains the new password.
Return Values
This method supports the standard return values, including S_OK. For more information and other return values, see ADSI Error Codes.
The method used to change the password is provider-specific. The system LDAP provider initially attempts a LDAP change password operation, if a secure SSL connection to the server is established. If this attempt fails, the LDAP provider then calls the Active Directory specific network management API, NetUserChangePassword.

In Active Directory, the caller must have the Change Password extended control access right to change the password with this method.

Example Code [Visual Basic]
The following code example shows how to change a user password.

Dim usr As IADsUser
Dim szOldPass As String
Dim szNewPass As String

On Error GoTo Cleanup

Set usr = GetObject("WinNT://Fabrikam/JeffSmith,user")
' Add code to securely retrieve the old and new password.

usr.ChangePassword szOldPass, szNewPass

Cleanup:
    ' Reached on success and on error; report only when an error was raised.
    If (Err.Number<>0) Then
        MsgBox("An error has occurred. " & Err.Number)
    End If
    Set usr = Nothing
Example Code [C++]
The following code example shows how to change a user password.

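#include <stdio.h>
#include <iads.h>

HRESULT ChangePassword(
    IADsUser *pUser,
    LPWSTR oldPasswd,
    LPWSTR newPasswd)
{
    HRESULT hr = S_OK;
    if (!pUser) { return E_FAIL; }
    hr = pUser->ChangePassword(oldPasswd, newPasswd);
    // Report success only when the call actually succeeded.
    if (SUCCEEDED(hr)) { printf("User password has been changed"); }
    return hr;
}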
Client: Requires Windows XP or Windows 2000 Professional.
Server: Requires Windows Server 2003 or Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0, Windows 95, Windows 98 and Windows Me.
Header: Declared in Iads.h.

See Also
IADsUser, IADsUser Property Methods, ADSI Error Codes

I supplied some code that should take care of what they need. Recommend that I get at least some of the points.
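
An added example, not part of the original thread: the directory search and the password change discussed above combined into one Classic ASP page (VBScript), with the submitted account name escaped for use in an LDAP filter so it cannot alter the query. The form field names account, oldpass and newpass are assumptions, as is an IIS identity that is allowed to query the directory.

```vbscript
<%
Option Explicit

' Hex-escape the characters that are special in an LDAP filter (RFC 4515),
' plus ";" which ADO's LDAP dialect uses as its field separator.
Function EscapeLdapFilter(s)
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If InStr("\*();" & Chr(0), ch) > 0 Then ch = "\" & Right("0" & Hex(Asc(ch)), 2)
        out = out & ch
    Next
    EscapeLdapFilter = out
End Function

' Search the whole domain (subtree) so the caller does not need to know the OU.
' Returns the user's distinguishedName, or "" when nothing matches.
Function FindUserDN(samName)
    Dim root, con, rs
    FindUserDN = ""
    Set root = GetObject("LDAP://RootDSE")
    Set con = Server.CreateObject("ADODB.Connection")
    con.Provider = "ADsDSOObject"
    con.Open "Active Directory Provider"
    Set rs = con.Execute("<LDAP://" & root.Get("defaultNamingContext") & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilter(samName) & "));distinguishedName;subtree")
    If Not rs.EOF Then FindUserDN = rs("distinguishedName").Value
    rs.Close : con.Close
End Function

Dim dn, usr, ok
If LCase(Request.ServerVariables("HTTPS")) <> "on" Then
    Response.Status = "403 Forbidden"   ' do not accept passwords over plain HTTP
    Response.End
End If
dn = FindUserDN(CStr(Request.Form("account")))   ' hypothetical field names
ok = False
If dn <> "" Then
    On Error Resume Next
    Set usr = GetObject("LDAP://" & Replace(dn, "/", "\/"))   ' "/" is an ADsPath separator
    usr.ChangePassword CStr(Request.Form("oldpass")), CStr(Request.Form("newpass"))
    ok = (Err.Number = 0)
    On Error GoTo 0
End If
' One message for every failure, so the page does not reveal which accounts exist.
If ok Then Response.Write "Password changed." Else Response.Write "Password change failed."
%>
```

ChangePassword requires the user's current password; an administrative reset that does not know the old password goes through IADsUser::SetPassword instead and needs the corresponding right on the account.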

