Learn how to a build a cloud-first strategyRegister Now


Change a Users Domain Password from inside Access application

Posted on 2005-05-05
Medium Priority
Last Modified: 2006-11-18
I have an access application and need the query the users domain password and allow them to change it.  I can get the user name using the advapi32.dll but I now need to have a form that allows them to enter in a new password and old and change the network password.

Question by:running32
  • 4
  • 3
LVL 51

Expert Comment

by:Steve Bink
ID: 13939364
Are you familiar with the AD library available for Access?  It allows the query of AD for whatever you need, and has a method to change a user's password.

Author Comment

ID: 13939439
No I'm not familiar with the AD Library, I'll take a look.  Do you have any examples?


Author Comment

ID: 13939530
I think I have it I use the adhSetPwd function.  correct!
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

LVL 51

Accepted Solution

Steve Bink earned 2000 total points
ID: 13939588
The reference is called "Active DS Type Library" in the listing, and the method I'm refering to is IADsUser.SetPassword.

However, there is a rather steep learning curve on this library, as I recently found out.  Here's some code I generated the other day to run a query on AD for all users.  Some editing has been done to remove certain information:

Public Sub ImportLDAPUsers()
Dim ou As IADs
Dim conLDAP As ADODB.Connection
Dim cmdLDAP As ADODB.Command
Dim rsLDAP As ADODB.Recordset
Dim sSQL As String
Dim xs As String
Dim disflag As Boolean

Set conLDAP = New ADODB.Connection
conLDAP.Provider = "ADsDSOObject"
conLDAP.Open "Active Directory Provider"

Set cmdLDAP = New ADODB.Command
cmdLDAP.ActiveConnection = conLDAP
cmdLDAP.CommandText = "<LDAP://MyServer/DC=MyDomain,DC=COM>;" & _
                    "(&(objectCategory=Person)(objectClass=user));" & _
                    "userPrincipalName,givenName,sn,mail,userAccountControl," & _

Set rsLDAP = cmdLDAP.Execute

Do Until rsLDAP.EOF
    'userAccountControl AND 32 = 0 means a password is required for the account
    If ((rsLDAP!useraccountcontrol And 32) = 0) And (Nz(rsLDAP!givenname, "") <> "") And (Nz(rsLDAP!sn, "") <> "") Then
        xs = rsLDAP!distinguishedname
        xs = Mid(xs, InStr(1, xs, ",") + 1, Len(xs))
        disflag = rsLDAP!useraccountcontrol And 2
        sSQL = "INSERT INTO Users (UserLogon,UserFName,UserLName,UserEmail,UserDisabled,UserCompany) " & _
            "VALUES ('" & Left(rsLDAP!userprincipalname, InStr(1, rsLDAP!userprincipalname, "@") - 1) & _
            "','" & rsLDAP!givenname & "','" & rsLDAP!sn & "','" & rsLDAP!userprincipalname & "'," & _
            disflag & ",'"
        Select Case Left(xs, 7)
            Case "OU=OU01": sSQL = sSQL & "Company1')"
            Case Else: sSQL = sSQL & "Company2')"
        End Select
        CurrentDb.Execute sSQL
    End If

Set rsLDAP = Nothing

Set cmdLDAP = Nothing
Set conLDAP = Nothing

End Sub

Author Comment

ID: 13939771
Ouch that is very steep is there any easier way to do it? :-)
LVL 51

Expert Comment

by:Steve Bink
ID: 13939888
Most of it is cut-n-paste.  The main things you have to worry about are the CommandText (this one shows an LDAP query, though I understand there is a way to do it with SQL too), and making sure you have your search criteria correct.  Once the LDAP connection is set up and you have your objects bound, you can retrieve all the information into a normal ADO recordset and work from there.  It's the rest that is a pain in the buttocks.

On top of the curve, you should realize that the code I posted only pulls the user's logon, first and last name, email address, the user's account's flags, and the full distinguished name of the user object within AD (CN=Smith,CN=JOHN,OU=Users,DC=MyDomain,DC=COM).  This does even bind to the actual user object, much less allow for changing any information, which I haven't gotten up enough courage to do yet.  :)  I'd be happy to experiment along with you - the curve won't be nearly as steep for me - but it is likely to be a rather involved process.  That code represents about 5 hours of research, coding, and debugging.

Author Comment

ID: 13971237
I think I have to play around with this but it seems to be what i need.  Thanks

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Part II of this series, I will discuss how to identify all open instances of Excel and enumerate the workbooks, spreadsheets, and named ranges within each of those instances.
Windows Explorer lets you open cabinet (cab) files like any other folder. In VBA you can easily handle normal files and folders, but opening and indeed creating cabinet files takes a lot more - and that's you'll find here.
Basics of query design. Shows you how to construct a simple query by adding tables, perform joins, defining output columns, perform sorting, and apply criteria.
In Microsoft Access, when working with VBA, learn some techniques for writing readable and easily maintained code.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question