LDAP - Force the user to change password

I have the code to reset the user password in Active Directory.

How do I force the user to change the password after the first logon?
Please help.
Also, is there a way to track if the user changed their password more than three times in a day?
Thank you.
gautam_reddyc Asked:
 
AnoopChandran Commented:
I think the links below are very helpful for you...

Script to force the user to change the password?

http://www.computerperformance.co.uk/vbscript/vbscript_pwdlastset.htm

Password reset count?

http://www.manageengine.com/products/ad-manager/windows-active-directory-password-reports.html
http://jira.atlassian.com/browse/CONF-6532

Anoop
0
 
rasantoro Commented:
Try this...

dsquery user OU=test,DC=mydomain,DC=local | dsmod user -mustchpwd yes

I am not sure about tracking the number of password changes.
0
 
gautam_reddyc (Author) Commented:
Hi rasantoro,
I didn't understand your solution. Is it C# code?

I used the following code to unlock and reset the password...

de.Properties["LockOutTime"].Value = 0x0000;

de.Invoke("SetPassword", new object[] { newPassword });

I just need the C# code to force the user to change the password after first logon..

Thank You..
0
 
bluntTony Commented:
Hi there,
Try...
de.Properties["pwdLastSet"].Value = 0;
de.CommitChanges(); // write the cached property change back to the directory
Setting 'pwdLastSet' this way will effectively force the user to change the password on next login.
Tony
0
 
bluntTony Commented:
With regards to tracking the change, how about simply setting a minimum password age in AD to restrict how frequently they can do this?
On a domain linked GPO with your account policies:
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy > "Minimum Password Age"
Tony
0
 
gautam_reddyc (Author) Commented:
bluntTony, got it... I am able to force the user to change the pwd after their first logon.
Do you know how to keep track of users changing their passwords? Thank you.
0
 
AnoopChandran Commented:
gautam_reddyc:

Let me know, are my suggestions helpful?

Anoop
0
 
gautam_reddyc (Author) Commented:
What do we use to retrieve the password from AD to check if it has been reset?

string password = de.Properties["userPassword"].Value.ToString(); ??
0
 
gautam_reddyc (Author) Commented:
Hi Anoop,
Your suggestions are definitely helpful. Thank you very much.
However, I don't want to close this question yet.
   
0
 
bluntTony Commented:
AnoopChandran - I think we're talking C# not VBScript.

gautam_reddyc - unfortunately you cannot retrieve another user's password for security reasons. In order to track the changes without 3rd party software (which I assume must exist but I am not aware of) you would need to enable auditing on your DCs to log when a user changes the password. You could then scan your DCs' security logs for these events and compile a report. You can interrogate the logs using WMI.

Although, why do you need to do this? Wouldn't it be better to just enforce a policy where users can only reset their password every x days, and must change at least every x days? This is a simple group policy.
0
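The log-scanning report suggested in the comment above, as an added example that is not code from any participant in this thread: it counts user-initiated password changes per account per UTC day and flags more than three. It assumes Windows Server 2008 or later DCs with "Audit User Account Management" enabled, where event ID 4723 records a user changing their own password and 4724 an administrative reset; the `PwdEvent` class, the method names and the sample records are hypothetical and constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical holder for the fields this check needs from one Security-log record.
sealed class PwdEvent
{
    public int EventId; public string TargetUser; public DateTime TimeUtc;
    public PwdEvent(int id, string user, DateTime timeUtc)
    { EventId = id; TargetUser = user; TimeUtc = timeUtc; }
}

static class PasswordChangeAudit
{
    // 4723 = user changed own password. 4724 (admin reset) is excluded on purpose,
    // so help-desk resets do not count against the user.
    const int UserChangeEventId = 4723;

    // Returns one row per (user, UTC day) with more than maxPerDay changes.
    public static List<(string User, DateTime Day, int Count)> FindFrequentChangers(
        IEnumerable<PwdEvent> events, int maxPerDay = 3)
    {
        return events
            .Where(e => e.EventId == UserChangeEventId)
            // Account names are case-insensitive in AD, so normalise before grouping.
            .GroupBy(e => (User: e.TargetUser.ToLowerInvariant(), Day: e.TimeUtc.Date))
            .Where(g => g.Count() > maxPerDay)
            .Select(g => (User: g.Key.User, Day: g.Key.Day, Count: g.Count()))
            .OrderBy(r => r.Day).ThenBy(r => r.User)
            .ToList();
    }

    static void Main()
    {
        // Constructed sample records, not real log data.
        var d = new DateTime(2024, 1, 15, 0, 0, 0, DateTimeKind.Utc);
        var sample = new List<PwdEvent>
        {
            new PwdEvent(4723, "jsmith", d.AddHours(8)),
            new PwdEvent(4723, "jsmith", d.AddHours(9)),
            new PwdEvent(4724, "jsmith", d.AddHours(10)),  // admin reset, ignored
            new PwdEvent(4723, "JSMITH", d.AddHours(11)),  // same account, other case
            new PwdEvent(4723, "jsmith", d.AddHours(15)),  // 4th change: flagged
            new PwdEvent(4723, "adoe", d.AddHours(8)),
            new PwdEvent(4723, "adoe", d.AddHours(12)),
            new PwdEvent(4723, "adoe", d.AddHours(16)),    // exactly 3: not flagged
            new PwdEvent(4723, "adoe", d.AddDays(1)),      // next day, separate bucket
        };
        foreach (var r in FindFrequentChangers(sample))
            Console.WriteLine($"{r.User}: {r.Count} password changes on {r.Day:yyyy-MM-dd}");
    }
}
```

A password change is logged only on the DC that processed it, so the input must combine records from every DC before counting.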
 
gautam_reddyc (Author) Commented:
Hi bluntTony,
Thanks for your reply. That's a better option.

When I run the code to reset the pwd it runs fine... how do I confirm that the password has been changed?
0
 
AnoopChandran Commented:
Oops, thanks for your reply and sorry for not reading carefully... :)
0
Question has a verified solution.