Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 761
  • Last Modified:

LDAP- Force the user to change password

i have the code to reset the user password in the Active Directory..

How to force the user to change the password after the first logon...
Please help..
Also, is there a way to track if the user changed password more than three times in a day..
Thank You...
0
gautam_reddyc
Asked:
gautam_reddyc
  • 5
  • 3
  • 3
  • +1
3 Solutions
 
rasantoroCommented:
Try this...

dsquery user OU=test,DC=mydomain,DC=local | dsmod user
-mustchpwd yes

I am not sure about tracking the number of password changes.
0
 
gautam_reddycAuthor Commented:
hi rasantoro,
   i didnt understand your solution.. Is it a C# code?

 I used the following code to unlock and reset password...

de.Properties["LockOutTime"].Value = 0x0000;

de.Invoke("SetPassword", new object[] { newPassword });

I just need the C# code to force the user to change the password after first logon..

Thank You..
0
 
bluntTonyCommented:
Hi there,
Try...
de.Properties["pwdLastSet"].Value = 0
By setting 'pwdLastSet' this effectively will force the user to change on next login.
Tony
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
bluntTonyCommented:
With regards to tracking the change, how about simply setting a minimum password age in AD to restrict how frequently they can do this?
On a domain linked GPO with your account policies:
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy > "Minimum Password Age"
Tony
0
 
AnoopChandranCommented:
I think the below link is very helpful for you ...

Script for force the user to change the password ?

http://www.computerperformance.co.uk/vbscript/vbscript_pwdlastset.htm

Password reset count  ?

http://www.manageengine.com/products/ad-manager/windows-active-directory-password-reports.html
http://jira.atlassian.com/browse/CONF-6532

Anoop
0
 
gautam_reddycAuthor Commented:
bluntTony, got it... iam able to force user to change pwd after theire first logon..
Do you know how to keep track of users changing their passwords... Thank You..
0
 
AnoopChandranCommented:
gautam_reddyc:

Let me knw how , is it my suggestions are helpful ?

Anoop
0
 
gautam_reddycAuthor Commented:
what do we use to retrieve password from AD to check if it has been reset?

string password = de.Properties["userPassword"].Value.ToString(); ??
0
 
gautam_reddycAuthor Commented:
Hi Anoop,
      Your suggestions are definately helpfull..Thank You Very Much..
      However, i dont want to close this question yet..
   
0
 
bluntTonyCommented:
anoopchadran - I think we're talking C# not VBScript.

gautam_reddyc - unfortunately you cannot retrieve another user's password for security reasons. In order to track the changes without 3rd party software (which I assume must exist but I am not aware of) you would need to enable auditing on your DCs to log when a user changes the password. You could then scan you DCs security logs for these events and compile a report. You can interrogate the logs using WMI.

Although, why do you need to do this? Wouldn't it be better to just enforce a policy where users can only reset their password every x days, and must change at least every x days? This is a simple group policy.
0
 
gautam_reddycAuthor Commented:
hi bluntTony,
   Thanks for your reply.. that's a better option..

   When i run the code to reset pwd it runs fine... how to confirm if the password has been changed??
0
 
AnoopChandranCommented:
oops , thanks for your reply and sorry to not read carefully .... :)
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 5
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now