Solved

IIS change password multiple domains

Posted on 2010-09-14
6
899 Views
Last Modified: 2012-05-10
Im running win2003 IIS. I have setup the change password feature for OWA, intranet etc. I recently added an additional domain to my forest. The change password feature is not working for the users in the new domain. Any ideas?
0
Comment
Question by:KratosDefense
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 33674278
ok..You created addtional domain controller for this domain or one more domain for existing forest?
I guess its additional domain - So u have to create a trust between these 2 domain, also you have to enable the GC role for this server, then wait for rplication happenes or do gpupdate \force for force update.
0
 

Author Comment

by:KratosDefense
ID: 33674333
Already done all of that (trust, GC etc.) Domain has been in place for a month already.
0
 
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 33674531
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:KratosDefense
ID: 33675883
Nope didn't fix. I have the IISADMPWD setup and working properly. I believe the problem is in the achg.asp page. here is a snippet from it:

<%end if%>
<%
      On Error resume next
      dim domain, posbs, posat, username, pUser, root
      dim upn_name

      upn_name = ""

      domain = Trim(Request.Form("domain"))
      ' if no domain is present we try to get the domain from the username,
      ' e.g. domainusername or praesi@ultraschallpiloten.com
      
      if domain = "" then
            posbs = Instr(1,Request.Form("acct"),"\" )
            posat = Instr(1,Request.Form("acct"),"@" )
            if posbs > 0 then
                  domain = Left(Request.Form("acct"),posbs-1)
                  username = Right(Request.Form("acct"),len(Request.Form("acct")) - posbs)
            elseif posat > 0 then
                  upn_name = Request.Form("acct")
                  domain = Right(upn_name, len(upn_name) - posat)
                  username = Left(upn_name, posat-1)
            else      
                  username = Request.Form("acct")
                  set nw = Server.CreateObject("WScript.Network")
                  domain = "WFINET"
                  ' domain = nw.Computername
            end if

Note the domain WFINET, thats the domain it works for, I need it to look at an additional domain if the user account doesnt exist in the wfinet domain. Any idea what the asp coding would be that I need to add?
0
 
LVL 21

Accepted Solution

by:
Radhakrishnan R earned 500 total points
ID: 33679629
You can try this script, I am not sure whether it will resolve you issue but you can try once
The existing script has some logic to deal with a UPN if the domain is not present, the problem is that the users upn is not the same as the domain so it fails.  To get around the problem you can replace the code that looks like this:

set pUser = Server.CreateObject("IIS.PwdChg")

if Not IsObject(pUser) then

       set pUser = GetObject("WinNT://" & domain & "/" & username & ",user")

       if Not IsObject(pUser) then

              set root = GetObject("WinNT:")

              set pUser = root.OpenDSObject("WinNT://" & domain & "/" & username & ",user", username, Request.Form("old"),1)

              Response.Write "<!--OpenDSObject call-->"

       end if

else

       pUser.Domain = domain

       pUser.User = username

       pUser.UPN = upn_name

end if

 

With

 

Set PUser = Createobject("ADSystemInfo")

Set  Root = GetObject("LDAP:")

Set Puser = Root.OpenDSObject("LDAP://" & pUser.Username, Request.Form("Acct"), Request.Form("old"),1)

 

To ensure that it works correctly the domain field has to be empty and the account should be entered as the e-mail address.  I would recommend that you change the page to reset the domain field to “” and to ensure the username has an @ in it.  Otherwise this will work.

Also have a look at this MS article about password change problem
http://support.microsoft.com/?id=894825

Good Luck}
0
 

Author Closing Comment

by:KratosDefense
ID: 33803485
thxs
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
where can I find details of "500 - Internal server error." on IIS/Windows 3 151
Internal to DMZ IIS Authentication. 3 94
Reverse Proxy problem 3 36
Services disabled 1 31
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question