pospichalales
asked on
Reset AD user password from web interface
Does someone have or is published at the Internet some example of programming module that will be integrated at ASP web interface and allows to change user passwords at Active Directory?
ASKER
Can you describe it? There are default pages where domain admin can change passwords for domain users?
I have IIS 7.5 and Windows Server 2008 R2.
I have IIS 7.5 and Windows Server 2008 R2.
ASKER
Otherwise, it is what I am finding, but domain admins does not know old password. I need this tool for resetting lost user passwords.
If a user doesn't know their old password, the best (security-wise) way is to call the admin. Without the ability to authenticate (and really that's what providing the old password does) there's no way to prevent someone OTHER than the user from resetting ANY password.
ASKER
What about to admin authentication?
If admin of domain logon to domain and visits the webpage, he is authorized.
Is it hard to write module which is connected to Active Directory and admin may change password for domain users?
If admin of domain logon to domain and visits the webpage, he is authorized.
Is it hard to write module which is connected to Active Directory and admin may change password for domain users?
ASKER
I found this code:
const int ADS_UF_ACCOUNTDISABLE = 0x0002;
string pathname = "WinNT:/zs.slapanov.cz/Net ID,user";
DirectoryEntry user = new DirectoryEntry(pathname);
//Optionally provide credentials to connect to SAM
//user.Username = "DOMAIN\\User";
//user.Password = "password";
user.AuthenticationTypes = AuthenticationTypes.Secure ;
//Reset Password
user.Invoke("SetPassword", new object[]{"newpassword"});
//Enable account
int flags = user.Properties["userAccou ntControl" ].Value;
user.Properties["userAccou ntControl" ].Value = flags & ~ADS_UF_ACCOUNTDISABLE;
user.CommitChanges();
//Change Password at next logon
user.Properties["passwordE xpired"][0 ] = 1;
Is it working with Active Directory (Windows Server 2003 level) at Windows Server 2008 R2?
If yes, how can I implement this to ASP page?
const int ADS_UF_ACCOUNTDISABLE = 0x0002;
string pathname = "WinNT:/zs.slapanov.cz/Net
DirectoryEntry user = new DirectoryEntry(pathname);
//Optionally provide credentials to connect to SAM
//user.Username = "DOMAIN\\User";
//user.Password = "password";
user.AuthenticationTypes = AuthenticationTypes.Secure
//Reset Password
user.Invoke("SetPassword",
//Enable account
int flags = user.Properties["userAccou
user.Properties["userAccou
user.CommitChanges();
//Change Password at next logon
user.Properties["passwordE
Is it working with Active Directory (Windows Server 2003 level) at Windows Server 2008 R2?
If yes, how can I implement this to ASP page?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
See also http://support.microsoft.com/kb/894825/en-us and http://support.microsoft.com/kb/833734/ is you have issues.