Solved

changing a password in active directory

Posted on 2006-11-08
Last Modified: 2008-02-01
I have the following code:
private void ChangePassword()
{
   const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
   const long ADS_OPTION_PASSWORD_METHOD = 7;
   const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
   const int ADS_PASSWORD_ENCODE_CLEAR   = 1;
   int intPort = 389;
   DirectoryEntry oNewUser, oDE;

   Utility_Lib.C_Web oUtil = new Utility_Lib.C_Web();

   string ADDomain = oUtil.GetAppStringSetting("ADDomain");
   string ADServer = oUtil.GetAppStringSetting("ADServer");
   string ADContext = oUtil.GetAppStringSetting("ADContext");
   string ADPath = oUtil.GetAppStringSetting("ADPath") + ADServer + ADContext + ", " + ADDomain;
   string DomainName = oUtil.GetAppStringSetting("DomainName");
   string ADAdminUser = DomainName + oUtil.GetAppStringSetting("ADAdminUser");
   string ADAdminPassword = oUtil.GetAppStringSetting("ADAdminPassword");

   oDE = new DirectoryEntry(ADPath, ADAdminUser, ADAdminPassword, AuthenticationTypes.Secure);
   DirectorySearcher deSearch = new DirectorySearcher();
   deSearch.SearchRoot = oDE;
   deSearch.Filter = "(sAMAccountName=hobbes)";
   deSearch.SearchScope = SearchScope.Subtree;
   SearchResult results= deSearch.FindOne();

   if(results !=null)
   {
     oNewUser = new DirectoryEntry(results.Path, ADAdminUser, ADAdminPassword, AuthenticationTypes.ServerBind);
     oNewUser.RefreshCache();
   }
   else
   {
     oNewUser = null;
   }

   lblStatus.Visible = true;

   try
   {
     lblStatus.Text = "Got part way...";
     oNewUser.Invoke("SetOption", new object[] {ADS_OPTION_PASSWORD_PORTNUMBER, intPort});
     oNewUser.Invoke("SetOption", new object[] {ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR});
     //oNewUser.Invoke("ChangePassword", new object[] {"evertest", "abc111"});
     // ***BLOWS UP BELOW ON THE NEXT LINE***
     oNewUser.Invoke("SetPassword", new object[] {"abc111"});
     lblStatus.Text = "Successfully change password.";
   }
   catch (Exception ex)
   {
     lblStatus.Text = ex.Message;
   }
}

I know I have the right object in AD.  I can explore the oNewUser object and verify that the various parts of it are all filled out.
Path  "LDAP://depot.e-olsons.local/CN=Calvinetta Hobbes,OU=TestOU,OU=MyBusiness,DC=e-Olsons,DC=local"      string
As you can see, I found my cat.

However, I am getting the following error:
Exception has been thrown by the target of an invocation.  {"The server is unwilling to process the request." }

For further reference - web.config has the following which the oUtil object is reading in:
  <appSettings>
    <add key="ADServer" value="depot.e-olson.local/" />
    <add key="DomainName" value="e-olson\" />
    <add key="ADAdminUser" value="xxx000" />
    <add key="ADAdminPassword" value="abc123" />
    <add key="ADPath" value="LDAP://" />
    <add key="ADDomain" value="DC=e-olson, DC=local" />
    <add key="ADContext" value="OU=TestOU, OU=MyBusiness" />
  </appSettings>

At my workstation, I am an enterprise, domain, admin equivalent.  I used the actual domain admin information in the web.config (obviously cut out above).

I have tried LOTS of sample versions I found on the web and I cannot get past this problem.  It blows up where I put the *** marker.  I am at home with my own Windows 2003 Small Business server and I am using the administrative account in web.config to load all the information about the domain.  It is service packed to the hilt.  I am running VisualStudio 2003 SP1 and my XP Pro system is service packed to the hilt.  I have the framework v1.1 with added security patches, too.  I have tried variations on AuthenticationTypes.Secure, None, etc...

I am SOOO frustrated.  Any ideas on why my server is so unwilling?

William
0
Question by:wjolson

Expert Comment

by:RubenvdLinden
ID: 17904936
Can you alter the code a bit and run it as a WinForm application?
If it runs from there, you'll know the code is correct and you need to look for a problem with the webserver.
0
 

Author Comment

by:wjolson
ID: 17921519
Ok.  I created a WinForm this AM and there is no difference.  It blows up on the same line with the same exact message.  I am still stuck.

William
0
 

Author Comment

by:wjolson
ID: 17922121
And the solution to this problem seems to have been twofold.

First, I noticed that if I typed in a user id and password directly such as this...
oDE = new DirectoryEntry(ADPath, "MyDomain.local\\administrator", "adminPassword"); -- the error message changed.

Also, I got rid of the ...AuthenticationTypes.Secure, or None, etc...  I suppose this implies I am doing things in clear text, but it is okay for my app.

I have posted the code below that worked for me.  As you will notice I dropped all the other junk about picking the port and setting constants.  It wasn't necessary for what I needed.

Thanks.

William Olson


private void ChangePassword()
{
  DirectoryEntry oNewUser, oDE;
  Utility_Lib.C_Web oUtil = new Utility_Lib.C_Web();

  string ADDomain = oUtil.GetAppStringSetting("ADDomain");
  string ADServer = oUtil.GetAppStringSetting("ADServer");
  string ADContext = oUtil.GetAppStringSetting("ADContext");
  string ADPath = oUtil.GetAppStringSetting("ADPath") + ADServer + ADContext + ", " + ADDomain;
  string DomainName = oUtil.GetAppStringSetting("DomainName");
  string ADAdminUser = oUtil.GetAppStringSetting("ADAdminUser");
  string ADAdminPassword = oUtil.GetAppStringSetting("ADAdminPassword");

  // Show the status label up front so that an error message is visible too.
  lblStatus.Visible = true;

  try
  {
    oDE = new DirectoryEntry(ADPath, "MyDomain.local\\administrator", "adminPassword");
    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = oDE;
    deSearch.Filter = "(sAMAccountName=hobbes)";
    deSearch.SearchScope = SearchScope.Subtree;
    SearchResult results = deSearch.FindOne();

    if(results != null)
    {
      // NOTE: "MyDomain.local\\administrator" doesn't work well from the web or app .config file.
      // I found it better to specify the logon id as administrator@myDomain.local in my config file.
      // Otherwise, you get the @ symbol in front of the variable and it does not get interpreted well.
      oNewUser = new DirectoryEntry(results.Path, ADAdminUser, ADAdminPassword);
      oNewUser.Invoke("SetPassword", new object[] {"cat999"});
      //oNewUser.Invoke("ChangePassword", new object[] {"evertest", "abc111"});
      lblStatus.Text = "Successfully change password.";
    }
    else
    {
      // No matching account: do not report success.
      oNewUser = null;
      lblStatus.Text = "User not found.";
    }
  }
  catch (Exception ex)
  {
    lblStatus.Text = ex.Message;
  }
}
0
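
An added example, not code from the thread: the same administrative reset with the account name escaped before it goes into the search filter, the bind kept on AuthenticationTypes.Secure with signing and sealing, and the ADSI error that Invoke wraps unwrapped for the caller. The class and method names and the returned messages are hypothetical, and it assumes the admin account can bind with Kerberos/NTLM and that its credentials are passed in by the caller rather than hardcoded.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Text;

public static class AdPasswordReset   // hypothetical helper, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeLdapFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // adPath, adminUpn and adminPassword come from the caller (assumed: a protected store).
    public static string ResetPassword(string adPath, string adminUpn, string adminPassword,
                                       string samAccountName, string newPassword)
    {
        AuthenticationTypes auth = AuthenticationTypes.Secure
            | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        string filter = "(sAMAccountName=" + EscapeLdapFilter(samAccountName) + ")";
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(adPath, adminUpn, adminPassword, auth))
            using (DirectorySearcher searcher = new DirectorySearcher(root, filter))
            {
                searcher.SearchScope = SearchScope.Subtree;
                SearchResult result = searcher.FindOne();
                if (result == null) return "User not found.";
                using (DirectoryEntry user = new DirectoryEntry(result.Path, adminUpn, adminPassword, auth))
                    user.Invoke("SetPassword", new object[] { newPassword });
                return "Password set.";
            }
        }
        catch (TargetInvocationException ex)
        {
            // Invoke wraps the ADSI failure; the inner exception carries the server's message.
            return ex.InnerException != null ? ex.InnerException.Message : ex.Message;
        }
    }
}
```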

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18109043
PAQed with points refunded (500)

Computer101
EE Admin
0
