  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446

Reset AD user password from web interface

Does someone have, or is there published on the Internet, an example of a programming module that can be integrated into an ASP web interface and allows changing user passwords in Active Directory?
Asked by: pospichalales

1 Solution

MidnightOne Commented:
IIS6 has this functionality built into it. Take a look under c:\windows\system32\inetserv for these files.

See also http://support.microsoft.com/kb/894825/en-us and http://support.microsoft.com/kb/833734/ if you have issues.

pospichalales (Author) Commented:
Can you describe it? Are there default pages where a domain admin can change passwords for domain users?

I have IIS 7.5 and Windows Server 2008 R2.

pospichalales (Author) Commented:
Otherwise, it is what I am looking for, but domain admins do not know the old password. I need this tool for resetting lost user passwords.

MidnightOne Commented:
If a user doesn't know their old password, the best (security-wise) way is to call the admin. Without the ability to authenticate (and really that's what providing the old password does) there's no way to prevent someone OTHER than the user from resetting ANY password.

pospichalales (Author) Commented:
What about admin authentication?
If a domain admin logs on to the domain and visits the web page, he is authorized.

Is it hard to write a module which is connected to Active Directory so that an admin may change passwords for domain users?

pospichalales (Author) Commented:
I found this code:

using System.DirectoryServices;

const int ADS_UF_ACCOUNTDISABLE = 0x0002;

// WinNT provider path format: WinNT://<domain>/<account>,user
string pathname = "WinNT://zs.slapanov.cz/NetID,user";
DirectoryEntry user = new DirectoryEntry(pathname);

//Optionally provide credentials to connect to SAM
//user.Username = "DOMAIN\\User";
//user.Password = "password";
user.AuthenticationType = AuthenticationTypes.Secure;

//Reset Password
user.Invoke("SetPassword", new object[]{"newpassword"});

//Enable account (the WinNT provider exposes the flags as UserFlags, not userAccountControl)
int flags = (int)user.Properties["UserFlags"].Value;
user.Properties["UserFlags"].Value = flags & ~ADS_UF_ACCOUNTDISABLE;

//Change Password at next logon
user.Properties["PasswordExpired"].Value = 1;

//Commit the flag and expiry changes together
user.CommitChanges();

Does it work with Active Directory (Windows Server 2003 level) on Windows Server 2008 R2?

If yes, how can I implement this in an ASP page?

pospichalales (Author) Commented:
The last solution was not working, but this works. I implemented it in ASP without big problems.
Dim pUsername
Dim pPassword
 
if WScript.Arguments.Named.Item ("pUsername") <> "" then pUsername = WScript.Arguments.Named.Item ("pUsername") else pUsername = "test3"
if WScript.Arguments.Named.Item ("pPassword") <> "" then pPassword = WScript.Arguments.Named.Item ("pPassword") else pPassword = "FgxuDbOS1"
 
'Find the OU of the user passed as pUsername
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
 
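' Bind to the directory with explicit credentials (placeholder values)
objConnection.Properties("User ID") = "DOMAIN\DomainAdminUsername"
objConnection.Properties("Password") = "Password"
objConnection.Properties("Encrypt Password") = TRUE
' ADSI Flag 3 = ADS_SECURE_AUTHENTICATION (1) + ADS_USE_ENCRYPTION (2)
objConnection.Properties("ADSI Flag") = 3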
 
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
 
' Look up the user's distinguishedName; pUsername goes into the query text as-is
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://dc=test,dc=local' WHERE objectCategory='user' " & _
        "AND sAMAccountName='" & pUsername & "'"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    vOU = objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Loop
' End find OU
 
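' Reset the password of the user
' GetObject binds as the account running the script, not with the credentials set on objConnection above
Set objUser = GetObject ("LDAP://" & vOU)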
 
'Set the user's initial password
objUser.SetPassword pPassword
objUser.Put "pwdLastSet", "0"
 
'Commit changes to directory
objUser.SetInfo
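
An added example, not part of the original post: the script above concatenates pUsername into the directory query, and on a web page that value is form input, so this version validates the name before the lookup and keeps error handling local to the reset. The helper names IsValidSamAccountName, FindUserDN and ResetPassword are hypothetical, the domain path is the one from the post, and it assumes the page runs under the admin's own Windows identity so that no credentials are stored in the script.

```vbscript
Option Explicit
Const ADS_SCOPE_SUBTREE = 2

' Hypothetical helper: accept only a conservative sAMAccountName alphabet
' (1-20 letters, digits, dot, underscore, hyphen), so quotes, parentheses,
' asterisks and backslashes never reach the query text.
Function IsValidSamAccountName(sName)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsValidSamAccountName = re.Test(sName)
End Function

' Hypothetical helper: return the user's distinguishedName, or "" if the
' name is rejected or no such user exists.
Function FindUserDN(sName)
    Dim conn, cmd, rs
    FindUserDN = ""
    If Not IsValidSamAccountName(sName) Then Exit Function

    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"   ' assumption: binds as the caller
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    cmd.CommandText = _
        "SELECT distinguishedName FROM 'LDAP://dc=test,dc=local' " & _
        "WHERE objectCategory='user' AND sAMAccountName='" & sName & "'"
    Set rs = cmd.Execute
    If Not rs.EOF Then FindUserDN = rs.Fields("distinguishedName").Value
    conn.Close
End Function

' Hypothetical helper: reset the password and force a change at next logon.
' Returns True only if every directory call succeeded.
Function ResetPassword(sName, sNewPassword)
    Dim dn, objUser
    ResetPassword = False
    dn = FindUserDN(sName)
    If dn = "" Then Exit Function
    On Error Resume Next                     ' scoped to this function only
    Set objUser = GetObject("LDAP://" & dn)
    objUser.SetPassword sNewPassword
    objUser.Put "pwdLastSet", 0
    objUser.SetInfo
    ResetPassword = (Err.Number = 0)
    On Error GoTo 0
End Function
```

A rejected name and an unknown user both return False, so the page can show the same message for either case and does not reveal which accounts exist.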
