Link to home
Start Free TrialLog in
Avatar of pospichalales
pospichalales

asked on

Reset AD user password from web interface

Does someone have or is published at the Internet some example of programming module that will be integrated at ASP web interface and allows to change user passwords at Active Directory?
Avatar of MidnightOne
MidnightOne
Flag of United States of America image

IIS6 has this functionality built into it. Take a look under c:\windows\system32\inetserv for these files.

See also http://support.microsoft.com/kb/894825/en-us and http://support.microsoft.com/kb/833734/ is you have issues.
Avatar of pospichalales
pospichalales

ASKER

Can you describe it? There are default pages where domain admin can change passwords for domain users?

I have IIS 7.5 and Windows Server 2008 R2.
Otherwise, it is what I am finding, but domain admins does not know old password. I need this tool for resetting lost user passwords.
If a user doesn't know their old password, the best (security-wise) way is to call the admin. Without the ability to authenticate (and really that's what providing the old password does) there's no way to prevent someone OTHER than the user from resetting ANY password.
What about to admin authentication?
If admin of domain logon to domain and visits the webpage, he is authorized.

Is it hard to write module which is connected to Active Directory and admin may change password for domain users?
I found this code:

const int ADS_UF_ACCOUNTDISABLE = 0x0002;

string pathname = "WinNT:/zs.slapanov.cz/NetID,user";

DirectoryEntry user = new DirectoryEntry(pathname);

//Optionally provide credentials to connect to SAM

//user.Username = "DOMAIN\\User";

//user.Password = "password";

user.AuthenticationTypes = AuthenticationTypes.Secure;

//Reset Password

user.Invoke("SetPassword", new object[]{"newpassword"});

//Enable account

int flags = user.Properties["userAccountControl"].Value;

user.Properties["userAccountControl"].Value = flags & ~ADS_UF_ACCOUNTDISABLE;

user.CommitChanges();

//Change Password at next logon

user.Properties["passwordExpired"][0] = 1;

Is it working with Active Directory (Windows Server 2003 level) at Windows Server 2008 R2?

If yes, how can I implement this to ASP page?
ASKER CERTIFIED SOLUTION
Avatar of pospichalales
pospichalales

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial