Reset AD user password from web interface

Does someone have, or is there published on the Internet, an example of a programming module that can be integrated into an ASP web interface and allows changing user passwords in Active Directory?
pospichalales Asked:

MidnightOne Commented:
IIS6 has this functionality built into it. Take a look under c:\windows\system32\inetserv for these files.

See also http://support.microsoft.com/kb/894825/en-us and http://support.microsoft.com/kb/833734/ if you have issues.
0
pospichalales Author Commented:
Can you describe it? Are there default pages where a domain admin can change passwords for domain users?

I have IIS 7.5 and Windows Server 2008 R2.
0
pospichalales Author Commented:
Otherwise, it is what I am finding, but domain admins do not know the old password. I need this tool for resetting lost user passwords.
0
MidnightOne Commented:
If a user doesn't know their old password, the best (security-wise) way is to call the admin. Without the ability to authenticate (and really that's what providing the old password does) there's no way to prevent someone OTHER than the user from resetting ANY password.
0
pospichalales Author Commented:
What about admin authentication?
If a domain admin logs on to the domain and visits the web page, he is authorized.

Is it hard to write a module which is connected to Active Directory so that an admin may change passwords for domain users?
0
pospichalales Author Commented:
I found this code:

const int ADS_UF_ACCOUNTDISABLE = 0x0002;
string pathname = "WinNT:/zs.slapanov.cz/NetID,user";
DirectoryEntry user = new DirectoryEntry(pathname);

//Optionally provide credentials to connect to SAM
//user.Username = "DOMAIN\\User";
//user.Password = "password";
user.AuthenticationTypes = AuthenticationTypes.Secure;

//Reset Password
user.Invoke("SetPassword", new object[]{"newpassword"});

//Enable account
int flags = user.Properties["userAccountControl"].Value;
user.Properties["userAccountControl"].Value = flags & ~ADS_UF_ACCOUNTDISABLE;
user.CommitChanges();

//Change Password at next logon
user.Properties["passwordExpired"][0] = 1;

Does it work with Active Directory (Windows Server 2003 level) on Windows Server 2008 R2?

If yes, how can I implement this in an ASP page?
0
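pospichalales Author Commented:
The last solution was not working, but this works. I implemented it in ASP without big problems.

Dim pUsername
Dim pPassword
Dim objRegEx

' Read the target account and the new password from named arguments
If WScript.Arguments.Named.Item("pUsername") <> "" Then pUsername = WScript.Arguments.Named.Item("pUsername") Else pUsername = "test3"
If WScript.Arguments.Named.Item("pPassword") <> "" Then pPassword = WScript.Arguments.Named.Item("pPassword") Else pPassword = "FgxuDbOS1"

' pUsername is concatenated into the directory query below, so accept
' only a restrictive set of account-name characters before using it
Set objRegEx = New RegExp
objRegEx.Pattern = "^[A-Za-z0-9._-]{1,20}$"
If Not objRegEx.Test(pUsername) Then
    WScript.Echo "Invalid user name"
    WScript.Quit 1
End If

'Find the OU of the user passed as pUsername
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"

' Credentials used for the directory search (placeholders as posted)
objConnection.Properties("User ID") = "DOMAIN\DomainAdminUsername"
objConnection.Properties("Password") = "Password"
objConnection.Properties("Encrypt Password") = TRUE
objConnection.Properties("ADSI Flag") = 3

objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://dc=test,dc=local' WHERE objectCategory='user' " & _
        "AND sAMAccountName='" & pUsername & "'"
Set objRecordSet = objCommand.Execute

' On Error Resume Next hides failures, so check explicitly before going on
If Err.Number <> 0 Then
    WScript.Echo "Directory search failed: " & Err.Description
    WScript.Quit 1
End If

' Stop if no account matched; otherwise vOU stays empty and the bind below targets "LDAP://"
If objRecordSet.EOF Then
    WScript.Echo "User not found"
    WScript.Quit 1
End If

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    vOU = objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Loop
' End find OU

' Reset the password of the user
Set objUser = GetObject("LDAP://" & vOU)

'Set the user's initial password
objUser.SetPassword pPassword
' pwdLastSet = 0 forces a password change at next logon
objUser.Put "pwdLastSet", 0

'Commit changes to directory
objUser.SetInfo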


0
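An added example, not code from any participant in this thread: the admin-initiated reset discussed above, written so that the web request's authenticated Windows identity is checked for group membership instead of embedding domain admin credentials in the script, and so that the temporary password is generated randomly and expired immediately. Assumptions: the site uses Windows Authentication, the application pool identity has been delegated the right to reset passwords on the target accounts, and the class name `PasswordResetService` and the group `TEST\PasswordResetOperators` are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text.RegularExpressions;

public static class PasswordResetService
{
    // Hypothetical group whose members may reset passwords through the page
    const string ResetGroup = @"TEST\PasswordResetOperators";

    // Restrictive allowlist for sAMAccountName input
    static readonly Regex SamName = new Regex(@"^[A-Za-z0-9._-]{1,20}$");

    // caller: the authenticated identity of the web request.
    // Returns the one-time password to hand to the user out of band.
    public static string Reset(WindowsIdentity caller, string targetSam)
    {
        if (caller == null || !caller.IsAuthenticated ||
            !new WindowsPrincipal(caller).IsInRole(ResetGroup))
            throw new UnauthorizedAccessException("Caller may not reset passwords.");

        if (targetSam == null || !SamName.IsMatch(targetSam))
            throw new ArgumentException("Invalid account name.", "targetSam");

        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, targetSam))
        {
            if (user == null)
                throw new InvalidOperationException("Account not found.");

            string temp = NewTemporaryPassword();
            user.SetPassword(temp);    // administrative reset, old password not needed
            user.ExpirePasswordNow();  // forces a change at next logon
            user.Save();
            return temp;
        }
    }

    static string NewTemporaryPassword()
    {
        var bytes = new byte[18];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        // Fixed suffix guarantees lower, upper, digit and symbol classes are present
        return Convert.ToBase64String(bytes) + "aA1!";
    }
}
```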
