Solved

changing a password in active directory

Posted on 2006-11-08
5
323 Views
Last Modified: 2008-02-01
I have the following code:
private void ChangePassword()
{
   const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
   const long ADS_OPTION_PASSWORD_METHOD = 7;
   const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
   const int ADS_PASSWORD_ENCODE_CLEAR   = 1;
   int intPort = 389;
   DirectoryEntry oNewUser, oDE;

   Utility_Lib.C_Web oUtil = new Utility_Lib.C_Web();

   string ADDomain = oUtil.GetAppStringSetting("ADDomain");
   string ADServer = oUtil.GetAppStringSetting("ADServer");
   string ADContext = oUtil.GetAppStringSetting("ADContext");
   string ADPath = oUtil.GetAppStringSetting("ADPath") + ADServer + ADContext + ", " + ADDomain;
   string DomainName = oUtil.GetAppStringSetting("DomainName");
   string ADAdminUser = DomainName + oUtil.GetAppStringSetting("ADAdminUser");
   string ADAdminPassword = oUtil.GetAppStringSetting("ADAdminPassword");

   oDE = new DirectoryEntry(ADPath, ADAdminUser, ADAdminPassword, AuthenticationTypes.Secure);
   DirectorySearcher deSearch = new DirectorySearcher();
   deSearch.SearchRoot = oDE;
   deSearch.Filter = "(sAMAccountName=hobbes)";
   deSearch.SearchScope = SearchScope.Subtree;
   SearchResult results= deSearch.FindOne();

   if(results !=null)
   {
     oNewUser = new DirectoryEntry(results.Path, ADAdminUser, ADAdminPassword, AuthenticationTypes.ServerBind);
     oNewUser.RefreshCache();
   }
   else
   {
     oNewUser = null;
   }

   lblStatus.Visible = true;

   try
   {
     lblStatus.Text = "Got part way...";
     oNewUser.Invoke("SetOption", new object[] {ADS_OPTION_PASSWORD_PORTNUMBER, intPort});
     oNewUser.Invoke("SetOption", new object[] {ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR});
     //oNewUser.Invoke("ChangePassword", new object[] {"evertest", "abc111"});
***BLOWS UP BELOW ON THE NEXT LINE***
     oNewUser.Invoke("SetPassword", new object[] {"abc111"});
     lblStatus.Text = "Successfully change password.";
   }
   catch (Exception ex)
   {
     lblStatus.Text = ex.Message;
   }
}

I know I have the right object in AD.  I can explore the oNewUser object and verify that the various parts of it are all filled out.
Path  "LDAP://depot.e-olsons.local/CN=Calvinetta Hobbes,OU=TestOU,OU=MyBusiness,DC=e-Olsons,DC=local"      string
As you can see, I found my cat.

However, I am getting the following error:
Exception has been thrown by the target of an invocation.  {"The server is unwilling to process the request." }

For further reference - web.config has the following which the oUtil object is reading in:
  <appSettings>
    <add key="ADServer" value="depot.e-olson.local/" />
    <add key="DomainName" value="e-olson\" />
    <add key="ADAdminUser" value="xxx000" />
    <add key="ADAdminPassword" value="abc123" />
    <add key="ADPath" value="LDAP://" />
    <add key="ADDomain" value="DC=e-olson, DC=local" />
    <add key="ADContext" value="OU=TestOU, OU=MyBusiness" />
  </appSettings>

At my workstation, I am an enterprise, domain, admin equivalent.  I used the actual domain admin information in the web.config (obviously cut out above).

I have tried LOTS of sample versions I found on the web and I cannot get past this problem.  It blows up where I put the *** marker.  I am at home with my own Windows 2003 Small Business server and I am using the administrative account in web.config to load all the information about the domain.  It is service packed to the hilt.  I am running VisualStudio 2003 SP1 and my XP Pro system is service packed to the hilt.  I have the framework v1.1 with added security patches, too.  I have tried variations on AuthenticationTypes.Secure, None, etc...

I am SOOO frustrated.  Any ideas on why my server is so unwilling?

William
0
Comment
Question by:wjolson
  • 2
5 Comments
 
LVL 12

Expert Comment

by:RubenvdLinden
Comment Utility
Can you alter the code a bit and run it as a WinForm application?
If it runs from there, you'll know the code is correct and you need to look for a problem with the webserver.
0
 

Author Comment

by:wjolson
Comment Utility
Ok.  I created a WinForm this AM and there is no difference.  It blows up on the same line with the same exact message.  I am still stuck.

William
0
 

Author Comment

by:wjolson
Comment Utility
And the solution to this problem seems to have been 2 fold.  

First, I noticed that if I typed in a user id and password directly such as this...
oDE = new DirectoryEntry(ADPath, "MyDomain.local\\administrator", "adminPassword"); -- the error message changed.

Also, I got rid of the ...AuthenticationTypes.Secure, or None, etc...  I suppose this implies I am doing things in clear text, but it is okay for my app.

I have posted the code below that worked for me.  As you will notice I dropped all the other junk about picking the port and setting constants.  It wasn't necessary for what I needed.

Thanks.

William Olson


private void ChangePassword()
{
  DirectoryEntry oNewUser, oDE;
  Utility_Lib.C_Web oUtil = new Utility_Lib.C_Web();

  string ADDomain = oUtil.GetAppStringSetting("ADDomain");
  string ADServer = oUtil.GetAppStringSetting("ADServer");
  string ADContext = oUtil.GetAppStringSetting("ADContext");
  string ADPath = oUtil.GetAppStringSetting("ADPath") + ADServer + ADContext + ", " + ADDomain;
  string DomainName = oUtil.GetAppStringSetting("DomainName");
  string ADAdminUser = oUtil.GetAppStringSetting("ADAdminUser");
  string ADAdminPassword = oUtil.GetAppStringSetting("ADAdminPassword");

  try
  {
    oDE = new DirectoryEntry(ADPath, "MyDomain.local\\administrator", "adminPassword");
    DirectorySearcher deSearch = new DirectorySearcher();
    deSearch.SearchRoot = oDE;
    deSearch.Filter = "(sAMAccountName=hobbes)";
    deSearch.SearchScope = SearchScope.Subtree;
    SearchResult results = deSearch.FindOne();

    if(results != null)
    {

NOTE: "MyDomain.local\\administrator" doesn't work well from the web or app .config file.  I found it better to specify the logon id as administrator@myDomain.local in my config file.  Otherwise, you get the @ symbol infront of the variable and it does not get interpreted well.

      oNewUser = new DirectoryEntry(results.Path, ADAdminUser, ADAdminPassword);
      oNewUser.Invoke("SetPassword", new object[] {"cat999"});
      //oNewUser.Invoke("ChangePassword", new object[] {"evertest", "abc111"});
    }
    else
    {
      oNewUser = null;
    }
    lblStatus.Visible = true;
    lblStatus.Text = "Successfully change password.";
    }
    catch (Exception ex)
    {
      lblStatus.Text = ex.Message;
    }
}
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
Comment Utility
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Article by: Ivo
Anonymous Types in C# by Ivo Stoykov Anonymous Types are useful when  we do not need to follow usual work-flow -- creating object of some type, assign some read-only values and then doing something with them. Instead we can encapsulate this read…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now