Solved

User Cannot Change Password problem

Posted on 2009-04-07
4
375 Views
Last Modified: 2012-05-06
I have this c# code that works to check the "User Cannot Change Password" check box but how can I unckeck it.

Thanks
string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";

 

            string[] trustees = new string[] { @"NT AUTHORITY\SELF", "EVERYONE" };

 

            ActiveDs.IADsSecurityDescriptor sd = (ActiveDs.IADsSecurityDescriptor)user.Properties["ntSecurityDescriptor"].Value;

            ActiveDs.IADsAccessControlList acl = (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;

            ActiveDs.IADsAccessControlEntry ace = new ActiveDs.AccessControlEntry();

            foreach (string trustee in trustees)

            {

                ace.Trustee = trustee;

                ace.AceFlags = 0;

                ace.AceType = (int)

                ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;

                ace.Flags = (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;

                ace.ObjectType = PASSWORD_GUID;

                ace.AccessMask = (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;

                acl.AddAce(ace);

            }

            sd.DiscretionaryAcl = acl;

            user.Properties["ntSecurityDescriptor"].Value = sd;

            user.CommitChanges();

Open in new window

0
Comment
Question by:scanet
  • 3
4 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 24094162
Usually check and uncheck is just a 1 instead of 0. Have you tried it yet?
0
 

Author Comment

by:scanet
ID: 24094871
Hi,

I think I tried that but I will give it another go this evening.

Thanks
0
 

Author Comment

by:scanet
ID: 24099240
I tried to change ace.AceFlags = 0; to 1 but it did not work. is there another metod I could use?

Thanks
0
 

Accepted Solution

by:
scanet earned 0 total points
ID: 24101047
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now