Change a Users Domain Password from inside Access application

Posted on 2005-05-05
Last Modified: 2006-11-18
I have an access application and need the query the users domain password and allow them to change it.  I can get the user name using the advapi32.dll but I now need to have a form that allows them to enter in a new password and old and change the network password.

Question by:running32
    LVL 50

    Expert Comment

    by:Steve Bink
    Are you familiar with the AD library available for Access?  It allows the query of AD for whatever you need, and has a method to change a user's password.

    Author Comment

    No I'm not familiar with the AD Library, I'll take a look.  Do you have any examples?


    Author Comment

    I think I have it I use the adhSetPwd function.  correct!
    LVL 50

    Accepted Solution

    The reference is called "Active DS Type Library" in the listing, and the method I'm refering to is IADsUser.SetPassword.

    However, there is a rather steep learning curve on this library, as I recently found out.  Here's some code I generated the other day to run a query on AD for all users.  Some editing has been done to remove certain information:

    Public Sub ImportLDAPUsers()
    Dim ou As IADs
    Dim conLDAP As ADODB.Connection
    Dim cmdLDAP As ADODB.Command
    Dim rsLDAP As ADODB.Recordset
    Dim sSQL As String
    Dim xs As String
    Dim disflag As Boolean

    Set conLDAP = New ADODB.Connection
    conLDAP.Provider = "ADsDSOObject"
    conLDAP.Open "Active Directory Provider"

    Set cmdLDAP = New ADODB.Command
    cmdLDAP.ActiveConnection = conLDAP
    cmdLDAP.CommandText = "<LDAP://MyServer/DC=MyDomain,DC=COM>;" & _
                        "(&(objectCategory=Person)(objectClass=user));" & _
                        "userPrincipalName,givenName,sn,mail,userAccountControl," & _

    Set rsLDAP = cmdLDAP.Execute

    Do Until rsLDAP.EOF
        'userAccountControl AND 32 = 0 means a password is required for the account
        If ((rsLDAP!useraccountcontrol And 32) = 0) And (Nz(rsLDAP!givenname, "") <> "") And (Nz(rsLDAP!sn, "") <> "") Then
            xs = rsLDAP!distinguishedname
            xs = Mid(xs, InStr(1, xs, ",") + 1, Len(xs))
            disflag = rsLDAP!useraccountcontrol And 2
            sSQL = "INSERT INTO Users (UserLogon,UserFName,UserLName,UserEmail,UserDisabled,UserCompany) " & _
                "VALUES ('" & Left(rsLDAP!userprincipalname, InStr(1, rsLDAP!userprincipalname, "@") - 1) & _
                "','" & rsLDAP!givenname & "','" & rsLDAP!sn & "','" & rsLDAP!userprincipalname & "'," & _
                disflag & ",'"
            Select Case Left(xs, 7)
                Case "OU=OU01": sSQL = sSQL & "Company1')"
                Case Else: sSQL = sSQL & "Company2')"
            End Select
            CurrentDb.Execute sSQL
        End If

    Set rsLDAP = Nothing

    Set cmdLDAP = Nothing
    Set conLDAP = Nothing

    End Sub

    Author Comment

    Ouch that is very steep is there any easier way to do it? :-)
    LVL 50

    Expert Comment

    by:Steve Bink
    Most of it is cut-n-paste.  The main things you have to worry about are the CommandText (this one shows an LDAP query, though I understand there is a way to do it with SQL too), and making sure you have your search criteria correct.  Once the LDAP connection is set up and you have your objects bound, you can retrieve all the information into a normal ADO recordset and work from there.  It's the rest that is a pain in the buttocks.

    On top of the curve, you should realize that the code I posted only pulls the user's logon, first and last name, email address, the user's account's flags, and the full distinguished name of the user object within AD (CN=Smith,CN=JOHN,OU=Users,DC=MyDomain,DC=COM).  This does even bind to the actual user object, much less allow for changing any information, which I haven't gotten up enough courage to do yet.  :)  I'd be happy to experiment along with you - the curve won't be nearly as steep for me - but it is likely to be a rather involved process.  That code represents about 5 hours of research, coding, and debugging.

    Author Comment

    I think I have to play around with this but it seems to be what i need.  Thanks

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Experts-Exchange is a great place to come for help with solutions for your database issues, and many problems are resolved within minutes of being posted.  Others take a little more time and effort and often providing a sample database is very helpf…
    I see at least one EE question a week that pertains to using temporary tables in MS Access.  But surprisingly, I was unable to find a single article devoted solely to this topic. I don’t intend to describe all of the uses of temporary tables in t…
    In Microsoft Access, learn how to “cascade” or have the displayed data of one combo control depend upon what’s entered in another. Base the dependent combo on a query for its row source: Add a reference to the first combo on the form as criteria i…
    What’s inside an Access Desktop Database. Will look at the basic interface, Navigation Pane (Database Container), Tables, Queries, Forms, Report, Macro’s, and VBA code.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now