Active Directory

Hey.. i am trying to unlock and reset password in the Active Directory..

The code is working fine for some of the employees...

but it is giving errors for some employee ids..

it is giving below errors
1) General Access Denied ---> No idea why access is denied to unlock some empid's
2) Exception has been thrown by object of invocation --> Not sure
3) Object reference not set to instance of an object... ---> Empid may not exist in Active Directory
gautam_reddycAsked:
Who is Participating?
 
Todd GerbertConnect With a Mentor IT ConsultantCommented:
So employee ID is their Active Directory username?  Like "jsmith" for John Smith?

Is your web service running as a user that has necessary access rights to modify all users in your domain?

Can you post your code that's not running as you expect, and your web.config?


Here's some code I use in a web service to set passwords and enable/disable users...
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;

namespace ConsoleApplication1
{
	class Class1
	{
		const string SEARCH_ROOT_PATH = "LDAP://DC=yourdomain,DC=com";

		[Flags]
		public enum AdsUserFlags : int
		{
			AccountDisabled = 2,                 // 0x2
		}

		public static DirectoryEntry GetUserEntry(string UserName)
		{
			// This function will search the domain for a user by username
			// and return it's directory entry if found, or null if not found
			DirectorySearcher dsSearcher = new DirectorySearcher(
				new DirectoryEntry(SEARCH_ROOT_PATH),
				"(&(objectCategory=user)(sAMAccountName=" + UserName + "))",
				new string[] { },
				SearchScope.Subtree);

			SearchResult result = dsSearcher.FindOne();

			if (result == null)
				return null;
			else
				return result.GetDirectoryEntry();
		}

		public static bool UserEnabled(string UserName, bool Enabled)
		{
			// This function marks a user account enabled or disabled
			// It returns true if successful, or false otherwise

			int curAccountControl;
			DirectoryEntry user = GetUserEntry(UserName);

			if (user == null)
				return false; // Couldn't find user, return false

			curAccountControl = (int)user.Properties["userAccountControl"].Value;

			if (Enabled)
				user.Properties["userAccountControl"].Value = curAccountControl & (int)~AdsUserFlags.AccountDisabled;
			else
				user.Properties["userAccountControl"].Value = curAccountControl | (int)AdsUserFlags.AccountDisabled;

			try
			{
				user.CommitChanges();
				user.Close();
			}
			catch (Exception)
			{
				return false;
			}

			return true;
		}

		public static bool SetPassword(string UserName, string NewPassword)
		{
			// This function resets a user password
			// Returns true if successful, false otherwise

			DirectoryEntry user = GetUserEntry(UserName);

			if (user == null)
				return false; // Couldn't find user, return false

			try
			{
				user.Invoke("SetPassword", new object[] { NewPassword });
				user.CommitChanges();
			}
			catch (Exception)
			{
				return false;
			}
			finally
			{
				user.Close();
			}

			return true;
		}
	}
}

Open in new window

0
 
Todd GerbertIT ConsultantCommented:
Can you describe your application some more, and post some code?

Is this a web application, web service, windows console or forms app?

What is an employee ID, a property of a user object?
0
 
gautam_reddycAuthor Commented:
it is a web service...

empid is the user object.. Key in the AD

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.