Reset Active Directory Password

Posted on 2004-11-22
Last Modified: 2008-02-26
I have Windows 2003 Server and 2000 AD.  I am running IIS 6.  I am trying to reset a password using some of the sample code found on this site but I can't get it to work.  I can't even create the object below

set usr = GetObject("LDAP://CN=rfulcher,CN=Users,DC=company,DC=local")

All I get is a 500 internal error.
Question by:rfulcher
    LVL 33

    Expert Comment

    Do this to see specific error messages
    Tools -> Internet Options
    Go to "Advanced" tab.
    Make sure "Show friendly HTTP error messages" is UNCHECKED.

    Run the page again.
    LVL 33

    Expert Comment


    Author Comment

    The error I get now is

    error '80072030'
    /ChangePass/Changepass.asp, line 30

    Which corresponds to this line.
    LVL 33

    Expert Comment

    LVL 10

    Expert Comment

    Are these values your server values or were they taken from your sample code? - "LDAP://CN=rfulcher,CN=Users,DC=company,DC=local"

    One of the most handy tools for this stuff is the adsiedit. If you don't have it, you can install it from the Windows CD under SystemTools

    Author Comment

    I am taking a look at both things posted.  The values that I posted are the ones that I used except company was my company.  

    Author Comment

    I have used the adsiedit tool to look at the structure.  I can now get past that line because I have a connection like this:

    set usr = GetObject("LDAP://CN=Robert Fulcher,OU=MIS,OU=CH,DC=Company,DC=Local")

    The issue is that I have many OUs at the MIS level and can only get this to come back if I specify it this way.  Is there any way to have it search for this and I can pull the info back easier?

    Author Comment

    I need to reset the password. Here is what I am trying to do:

    usr.ChangePassword "oldpass", "newpass"

    This is the error I am getting:

    Active Directory error '8000500c'

    The directory datatype cannot be converted to/from a native DS datatype

    /ChangePass/Changepass.asp, line 36
    LVL 10

    Accepted Solution

    This is how you might do a search. This includes creating a SQL style query along with looping through the results.

    Give this a go:
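    m_cOrganUnit = "CN=Users"
    Set objRoot = GetObject("LDAP://RootDSE")
    sDomainPath = objRoot.Get("DefaultNamingContext")
    Set con = Server.CreateObject("ADODB.Connection")
    con.Provider = "ADsDSOObject"
    con.Open "Active Directory Provider"
    Set Com = Server.CreateObject("ADODB.Command")
    Set Com.ActiveConnection = con
    Set rstemp = Server.CreateObject("ADODB.Recordset")
    ' ADSI SQL dialect: attributes to return, then the container to search
    Com.CommandText = "select name, sAMAccountname from 'LDAP://" & m_cOrganUnit & "," & sDomainPath & "'"
    Set rstemp = Com.Execute
    Do While Not rstemp.EOF
        ' HTML-encode directory values before writing them to the page
        Response.Write Server.HTMLEncode(rstemp("name") & " - " & rstemp("sAMAccountname")) & "<br>"
        rstemp.MoveNext
    Loop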

    You can just loop through the results like this. I've used "name, sAMAccountname" but you can find any other field (like "mail" etc) that you can see under properties in adsiedit. At the same time, you can put things at the end of the CommandText like " Where name='Robert Fulcher'".

    I'm not sure if you've seen this but it has a few clues about the error you're getting on changing the password. Ignore the way they are looking up the information as I found it cumbersome.

    The IADsUser::ChangePassword method changes the user password from the specified old value to a new value.

    HRESULT ChangePassword(
      BSTR bstrOldPassword,
      BSTR bstrNewPassword
    );
    Parameters
    bstrOldPassword
    [in] A BSTR that contains the current password.
    bstrNewPassword
    [out] A BSTR that contains the new password.
    Return Values
    This method supports the standard return values, including S_OK. For more information and other return values, see ADSI Error Codes.
    The method used to change the password is provider-specific. The system LDAP provider initially attempts a LDAP change password operation, if a secure SSL connection to the server is established. If this attempt fails, the LDAP provider then calls the Active Directory specific network management API, NetUserChangePassword.

    In Active Directory, the caller must have the Change Password extended control access right to change the password with this method.

    Example Code [Visual Basic]
    The following code example shows how to change a user password.

    Dim usr As IADsUser
    Dim szOldPass As String
    Dim szNewPass As String

    On Error GoTo Cleanup

    Set usr = GetObject("WinNT://Fabrikam/JeffSmith,user")
    ' Add code to securely retrieve the old and new password.

    usr.ChangePassword szOldPass, szNewPass

    ' Target of "On Error GoTo Cleanup"; also reached on normal completion
    Cleanup:
        If (Err.Number<>0) Then
            MsgBox("An error has occurred. " & Err.Number)
        End If
        Set usr = Nothing
    Example Code [C++]
    The following code example shows how to change a user password.

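    #include <stdio.h>
    #include <iads.h>

    HRESULT ChangePassword(
        IADsUser *pUser,
        LPWSTR oldPasswd,
        LPWSTR newPasswd)
    {
        HRESULT hr=S_OK;
        if(!pUser) { return E_FAIL;}
        hr = pUser->ChangePassword(oldPasswd, newPasswd);
        // Report success only when the call actually succeeded.
        if(SUCCEEDED(hr)) { printf("User password has been changed"); }
        return hr;
    }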
    Client: Requires Windows XP or Windows 2000 Professional.
    Server: Requires Windows Server 2003 or Windows 2000 Server.
    Redistributable: Requires Active Directory Client Extension on Windows NT 4.0, Windows 95, Windows 98 and Windows Me.
    Header: Declared in Iads.h.

    See Also
    IADsUser, IADsUser Property Methods, ADSI Error Codes
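
Added example, not part of the thread or of the quoted documentation: a classic ASP page that finds a user's distinguishedName by sAMAccountName anywhere in the domain (so no OU has to be hard-coded) and then calls ChangePassword. The form field names (`user`, `oldpass`, `newpass`), the allow-list pattern and the HTTPS check are assumptions of this example.

```vbscript
<%
Option Explicit
' Added example, not code from the thread. Form field names are assumptions.

' Allow-list the logon name (sAMAccountName is at most 20 characters) so form input cannot alter the query.
Function IsSafeAccountName(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeAccountName = re.Test(s)
End Function

' Search the whole domain and return the user's distinguishedName, or "".
Function FindUserDN(sAccount)
    Dim objRoot, con, com, rs
    FindUserDN = ""
    If Not IsSafeAccountName(sAccount) Then Exit Function
    Set objRoot = GetObject("LDAP://RootDSE")
    Set con = Server.CreateObject("ADODB.Connection")
    con.Provider = "ADsDSOObject"
    con.Open "Active Directory Provider"
    Set com = Server.CreateObject("ADODB.Command")
    Set com.ActiveConnection = con
    com.Properties("Searchscope") = 2   ' ADS_SCOPE_SUBTREE: every OU under the root
    com.CommandText = "SELECT distinguishedName FROM 'LDAP://" & _
        objRoot.Get("defaultNamingContext") & "' WHERE objectCategory='person'" & _
        " AND objectClass='user' AND sAMAccountName='" & sAccount & "'"
    Set rs = com.Execute
    If Not rs.EOF Then FindUserDN = rs.Fields("distinguishedName").Value
    rs.Close
    con.Close
End Function

Dim sDN, usr, bChanged
bChanged = False
' Passwords arrive in the POST body, so refuse to handle them over plain HTTP.
If LCase(Request.ServerVariables("HTTPS")) = "on" Then
    sDN = FindUserDN(Trim(Request.Form("user")))
    If sDN <> "" Then
        On Error Resume Next
        ' "/" separates ADsPath components, so escape any that occur in the DN.
        Set usr = GetObject("LDAP://" & Replace(sDN, "/", "\/"))
        If Err.Number = 0 Then usr.ChangePassword CStr(Request.Form("oldpass")), CStr(Request.Form("newpass"))
        bChanged = (Err.Number = 0)
        On Error GoTo 0
    End If
End If
' One message for every failure, so the page does not reveal which accounts exist.
If bChanged Then Response.Write "Password changed." Else Response.Write "Password change failed."
%>
```

The allow-list matters because the search text is built by string concatenation, exactly as in the `Where name='...'` suggestion above; any value containing a quote is rejected before it reaches the query.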

    LVL 10

    Expert Comment

    I supplied some code that should take care of what they need. Recommend that I get at least some of the points.

