ASP.NET, Exception-: "Change Password " Active Directory


Hi,
I am trying to allow Users to change Password.
but getting this Exception in the process...after the User is Authenticated
"Unknown Name.... Exception from HRESULT:....

(Same Error as per this Ref..)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_26822122.html

Uisng C#.net, ASP.NET 2.0
if (adAuth_pwd.IsAuthenticated(username, pwd))
            {
                DirectoryEntry entry = new DirectoryEntry(_path, username, pwd);
                try
                {
                    entry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });                                
                }
                catch (Exception ex)
                {
                    throw new Exception("Error changing password." + ex.Message);
                }                
            }

Open in new window

kishan66Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Todd GerbertIT ConsultantCommented:
I'd wager your _path is incorrect.  I believe the path to the user should look like LDAP://CN=John Doe,OU=Users,OU=Marketing,OU=California,DC=domain,DC=local
0
Todd GerbertIT ConsultantCommented:
Here's an option if you want to search the ActiveDirectory for a particular username:
string username = "jdoe";
			
DirectorySearcher searcher = new DirectorySearcher("(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + username + "))");
SearchResult result = searcher.FindOne();
if (result != null)
{
	DirectoryEntry userEntry = result.GetDirectoryEntry();
	userEntry.Invoke("ChangePassword", new object[] { "oldpw", "newpw" });
	Console.WriteLine("Password Changed");
}
else
	Console.WriteLine("User not found.");

Console.ReadKey();

Open in new window

0
Todd GerbertIT ConsultantCommented:
Here's another option using a the WinNT provider:
string username = "jdoe";
DirectoryEntry userEntry = new DirectoryEntry("WinNT://domain.com/" + username + ",user");
try
{
	userEntry.Invoke("ChangePassword", new object[] { "oldpw", "newpw" });
	Console.WriteLine("Password changed.");
}
catch (COMException ex)
{
	if (ex.ErrorCode == -2147022675)
		Console.WriteLine("Could not find user.");
}
Console.ReadKey();

Open in new window

0
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

kishan66Author Commented:
Hi tgerbert,

"_path" in above case works perfectly fine. As mentioned, i could authenticate the user.
Only After Authentication successful, user can change Password.
getting Exception after Authentication successful.

  entry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });                      
0
Todd GerbertIT ConsultantCommented:
So "_path" contains the complete path to the user (i.e. it starts with LDAP://CN=The Users Name)?

If you write DirectoryEntry entry = new DirectoryEntry("LDAP://OU=domain,OU=com", "someusername", "thecorrectpassword") then entry will be a DirectoryEntry object that represents the domain, not "someusername", and since there is no "ChangePassword" for the domain's root you get the error.

Can you put a breakpoint in your program and tell me what, exactly, is in "_path"?
0
kishan66Author Commented:
Hi tgerbert,

i modified my code little bit ...now i get new Exeption...
But i does satisfy the IF condition ...

"Error changing password.Exception has been thrown by the target of an invocation"


DirectoryEntry entry = new DirectoryEntry(_path);
                try
                {
                    DirectorySearcher searcher = new DirectorySearcher(entry, username);
                    searcher.Filter = "(SAMAccountName=" + username + ")";
                    SearchResult result = searcher.FindOne();
                    if(result != null)
                    {
                        DirectoryEntry userEntry = result.GetDirectoryEntry();
	                    userEntry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword  });
                    }
catch (Exception ex)
{
             throw new Exception("Error changing password." + ex.Message);
}

Open in new window

0
kishan66Author Commented:
_path = "LDAP://xx.com";
0
Todd GerbertIT ConsultantCommented:
The DirectorySearcher constructor doesn't take a username parameter. http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx

Also note that the username & password passed to the DirectoryEntry constructor should be that of a user who has permission to change the password for the user you're looking for, "jdoe" in this example.

Your code should be:
string _path = "LDAP://xx.com";
string username = "jdoe";
DirectoryEntry searchRoot = new DirectoryEntry(_path, "administrator@xx.com", "secret");
DirectorySearcher searcher = new DirectorySearcher(searchRoot, "(sAMAccountName=" + username + ")");
SearchResult result = searcher.FindOne();
if (result != null)
	result.GetDirectoryEntry().Invoke("ChangePassword", "newpw", "SOgoer96");

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kishan66Author Commented:
Hi tgerbert,

So you mean to say " we have to pass the userId & pwd of the Admin who has password update permissions"? are you sure?
because, if in future we change the Admin password ...our code /Application will fail, right?

i read , if we are using SetPassword, in that case i have to use the Admin User& Password in the DirectoryEntry.
Pls correct me if wrong...





0
Todd GerbertIT ConsultantCommented:
Not necassarily.  The username/password you pass to the DirectoryEntry constructor (line 3 in my snippet above http:#a35235475) must correspond to a user who has permission to change the password of "username."  If you omit the username/password, then the user who's currently running the program will automatically be used. If the person running your program is already an administrator, don't pass anything for the username & password.

Normally there are two people who can change a user's password: 1) the user himself (you can change your own password), or 2) an administrator.
0
kishan66Author Commented:
Hi tgerbert,

I'm really sorry for bothering you for small issue.

I tried the same code as suggested by you in (http:#a35235475) by passing Admin username & Password. infact i tried below codes
string pwd = ChangePassword2.CurrentPassword;
a) result.GetDirectoryEntry().Invoke("ChangePassword", pwd, ChangePassword2.NewPassword );
b) result.GetDirectoryEntry().Invoke("ChangePassword",new object[] { pwd, ChangePassword2.NewPassword });

In both cases i get the Exception:
Error changing password.Exception has been thrown by the target of an invocation.

its kind of frustrating....



0
kishan66Author Commented:
tgerbert,

When i used InnerException.Message .. i got this below exception

"Error changing password.A constraint violation occurred"
0
Todd GerbertIT ConsultantCommented:
Your password must not have conformed to your network's Password Policies. Too short, too long, was previously used, was changed too recently, etc.
0
kishan66Author Commented:
Hi Tgerbert,
i'm so sorry for the late reply ..as i was held up with other tasks...
Anay ways, i could not resolve the issue.

Dont know whether i can get back to the same question or not?

For know i will close it...

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.