Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2502
  • Last Modified:

How do I reset an AD LDS account password in .NET?

I need to create a web-based .NET web application for creating a new AD LDS user account and assigning a password to it.  The web-form will be hosted in IIS 7 on a different server than the AD LDS server.  Presently, my code is able to create and assign attributes to a new AD LDS user.  However, when I try to reset the password of the user, I run into an exception:

STACK TRACE:

System.Reflection.TargetInvocationException was unhandled by user code
Message="Exception has been thrown by the target of an invocation."
Source="System.DirectoryServices"
StackTrace:
at System.DirectoryServices.DirectoryEntry.Invoke(String methodName,
Object[] args)
at SierraSys.LdapAdminTool.Web.CreateUser.OnPreRender(EventArgs e) in
C:\PROJECTS\Internal\LdapAdminTool\LdapAdmin1.0\Web\CreateUser.aspx.cs:line 62
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

----------

INNER EXCEPTION:

The directory property cannot be found in the cache.

-----------

I have read through various web resources that SSL must be enabled for the LDAP provider/ AD LDS to allow for remote password resets invoked through code (eg.
http://geekswithblogs.net/Lance/archive/2005/08/19/LdapAuthenticationASP.aspx).  I have generated a self-signed certificate using selfssl.exe and assigned it to the Trusted Root Certificates Authorities certificate store on both the AD LDS server and the web server hosting the .NET form. I have also followed instructions on configuring SSL for AD LDS from this MSDN article:

http://technet.microsoft.com/en-us/library/cc725767.aspx

I have confirmed through ldp.exe that the SSL connection for AD LDS is working.

At a major roadblock here. Any assistance or suggestions with this much appreciated.
using(DirectoryEntry de = new DirectoryEntry(
                "LDAP://SERVERNAME:636/CN=Clients,CN=Users,CN=ADLDSSTORE,DC=SERVERNAME,DC=local",
                "CN=SERVICEACCOUNT,CN=Users,CN=ADLDSSTORE,DC=SERVERNAME,DC=local",
                "USERPASSWORD", AuthenticationTypes.SecureSocketsLayer)) {
 
                DirectoryEntry newUser = de.Children.Add("CN=testuser1", "user");
                newUser.CommitChanges();
 
                newUser.Invoke("Put", new Object[] { "displayName", "User, Test" });
                newUser.Invoke("Put", new Object[] { "givenName", "Test" });
                newUser.Invoke("Put", new Object[] { "mail", "TestUser@DOMAIN.com" });
                newUser.Invoke("Put", new Object[] { "company", "ABC" });
                newUser.Invoke("Put", new Object[] { "sn", "User" });
                newUser.Invoke("Put", new Object[] { "telephoneNumber", "1 604 123-1234" });
                newUser.Invoke("Put", new Object[] { "description", "User description." });
                newUser.CommitChanges();
 
                // EXCEPTION THROWN HERE
                newUser.Invoke("SetPassword", new Object[] { "THEUSERPASSWORD" });
 
                newUser.CommitChanges();
                newUser.Close();
}

Open in new window

0
blizzy
Asked:
blizzy
1 Solution
 
blizzyAuthor Commented:
Solved it....

It looks like AD LDS does not like the SetPassword command.  I found an article on how to do this in ldp.exe and adapted it for .NET:

http://technet.microsoft.com/en-us/library/cc781829.aspx

My code now reads:

                newUser.Invoke("Put", new Object[] { "userpassword", "THEPASSWORD" });
                newUser.CommitChanges();
                newUser.Close();

Open in new window

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now