Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do I reset an AD LDS account password in .NET?

Posted on 2009-04-09
1
Medium Priority
?
2,458 Views
Last Modified: 2013-12-24
I need to create a web-based .NET web application for creating a new AD LDS user account and assigning a password to it.  The web-form will be hosted in IIS 7 on a different server than the AD LDS server.  Presently, my code is able to create and assign attributes to a new AD LDS user.  However, when I try to reset the password of the user, I run into an exception:

STACK TRACE:

System.Reflection.TargetInvocationException was unhandled by user code
Message="Exception has been thrown by the target of an invocation."
Source="System.DirectoryServices"
StackTrace:
at System.DirectoryServices.DirectoryEntry.Invoke(String methodName,
Object[] args)
at SierraSys.LdapAdminTool.Web.CreateUser.OnPreRender(EventArgs e) in
C:\PROJECTS\Internal\LdapAdminTool\LdapAdmin1.0\Web\CreateUser.aspx.cs:line 62
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

----------

INNER EXCEPTION:

The directory property cannot be found in the cache.

-----------

I have read through various web resources that SSL must be enabled for the LDAP provider/ AD LDS to allow for remote password resets invoked through code (eg.
http://geekswithblogs.net/Lance/archive/2005/08/19/LdapAuthenticationASP.aspx).  I have generated a self-signed certificate using selfssl.exe and assigned it to the Trusted Root Certificates Authorities certificate store on both the AD LDS server and the web server hosting the .NET form. I have also followed instructions on configuring SSL for AD LDS from this MSDN article:

http://technet.microsoft.com/en-us/library/cc725767.aspx

I have confirmed through ldp.exe that the SSL connection for AD LDS is working.

At a major roadblock here. Any assistance or suggestions with this much appreciated.
using(DirectoryEntry de = new DirectoryEntry(
                "LDAP://SERVERNAME:636/CN=Clients,CN=Users,CN=ADLDSSTORE,DC=SERVERNAME,DC=local",
                "CN=SERVICEACCOUNT,CN=Users,CN=ADLDSSTORE,DC=SERVERNAME,DC=local",
                "USERPASSWORD", AuthenticationTypes.SecureSocketsLayer)) {
 
                DirectoryEntry newUser = de.Children.Add("CN=testuser1", "user");
                newUser.CommitChanges();
 
                newUser.Invoke("Put", new Object[] { "displayName", "User, Test" });
                newUser.Invoke("Put", new Object[] { "givenName", "Test" });
                newUser.Invoke("Put", new Object[] { "mail", "TestUser@DOMAIN.com" });
                newUser.Invoke("Put", new Object[] { "company", "ABC" });
                newUser.Invoke("Put", new Object[] { "sn", "User" });
                newUser.Invoke("Put", new Object[] { "telephoneNumber", "1 604 123-1234" });
                newUser.Invoke("Put", new Object[] { "description", "User description." });
                newUser.CommitChanges();
 
                // EXCEPTION THROWN HERE
                newUser.Invoke("SetPassword", new Object[] { "THEUSERPASSWORD" });
 
                newUser.CommitChanges();
                newUser.Close();
}

Open in new window

0
Comment
Question by:blizzy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 1

Accepted Solution

by:
blizzy earned 0 total points
ID: 24111965
Solved it....

It looks like AD LDS does not like the SetPassword command.  I found an article on how to do this in ldp.exe and adapted it for .NET:

http://technet.microsoft.com/en-us/library/cc781829.aspx

My code now reads:

                newUser.Invoke("Put", new Object[] { "userpassword", "THEPASSWORD" });
                newUser.CommitChanges();
                newUser.Close();

Open in new window

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to get a list of available printers for display in a drop-down list, and then to use the selected printer to print an Access report or a Word document filled with Access data, using different syntax as needed for working with …
In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question