kishan66

ASP.NET, Exception-: "Change Password " Active Directory


Hi,
I am trying to allow users to change their password,
but I am getting this exception in the process, after the user is authenticated:
"Unknown Name.... Exception from HRESULT:....

(Same Error as per this Ref..)
https://www.experts-exchange.com/questions/26822122/Change-Password-of-Active-Directory-user-using-C.html

Using C#.NET, ASP.NET 2.0

if (adAuth_pwd.IsAuthenticated(username, pwd))
{
    DirectoryEntry entry = new DirectoryEntry(_path, username, pwd);
    try
    {
        entry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });
    }
    catch (Exception ex)
    {
        throw new Exception("Error changing password." + ex.Message);
    }
}


Todd Gerbert

I'd wager your _path is incorrect.  I believe the path to the user should look like LDAP://CN=John Doe,OU=Users,OU=Marketing,OU=California,DC=domain,DC=local
Here's an option if you want to search the ActiveDirectory for a particular username:
string username = "jdoe";
			
DirectorySearcher searcher = new DirectorySearcher("(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + username + "))");
SearchResult result = searcher.FindOne();
if (result != null)
{
	DirectoryEntry userEntry = result.GetDirectoryEntry();
	userEntry.Invoke("ChangePassword", new object[] { "oldpw", "newpw" });
	Console.WriteLine("Password Changed");
}
else
	Console.WriteLine("User not found.");

Console.ReadKey();


Here's another option using the WinNT provider:
string username = "jdoe";
DirectoryEntry userEntry = new DirectoryEntry("WinNT://domain.com/" + username + ",user");
try
{
	userEntry.Invoke("ChangePassword", new object[] { "oldpw", "newpw" });
	Console.WriteLine("Password changed.");
}
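catch (COMException ex)
{
	// -2147022675 is HRESULT 0x800708AD (user name not found)
	if (ex.ErrorCode == -2147022675)
		Console.WriteLine("Could not find user.");
	else
		throw; // do not silently swallow other failures
}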
Console.ReadKey();


kishan66 (ASKER)

Hi tgerbert,

"_path" in the above case works perfectly fine. As mentioned, I could authenticate the user.
Only after authentication is successful can the user change the password.
I am getting the exception after authentication is successful.

entry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });

So "_path" contains the complete path to the user (i.e. it starts with LDAP://CN=The Users Name)?

If you write DirectoryEntry entry = new DirectoryEntry("LDAP://OU=domain,OU=com", "someusername", "thecorrectpassword") then entry will be a DirectoryEntry object that represents the domain, not "someusername", and since there is no "ChangePassword" for the domain's root you get the error.

Can you put a breakpoint in your program and tell me what, exactly, is in "_path"?

Hi tgerbert,

I modified my code a little bit... now I get a new exception...
But it does satisfy the IF condition...

"Error changing password.Exception has been thrown by the target of an invocation"


DirectoryEntry entry = new DirectoryEntry(_path);
try
{
    DirectorySearcher searcher = new DirectorySearcher(entry, username);
    searcher.Filter = "(SAMAccountName=" + username + ")";
    SearchResult result = searcher.FindOne();
    if (result != null)
    {
        DirectoryEntry userEntry = result.GetDirectoryEntry();
        userEntry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });
    }
}
catch (Exception ex)
{
    throw new Exception("Error changing password." + ex.Message);
}


_path = "LDAP://xx.com";
ASKER CERTIFIED SOLUTION
Todd Gerbert

Hi tgerbert,

So you mean to say "we have to pass the userId & pwd of the Admin who has password update permissions"? Are you sure?
Because, if in future we change the Admin password... our code/application will fail, right?

I read that if we are using SetPassword, in that case I have to use the Admin user & password in the DirectoryEntry.
Pls correct me if wrong...

Not necessarily.  The username/password you pass to the DirectoryEntry constructor (line 3 in my snippet above http:#a35235475) must correspond to a user who has permission to change the password of "username."  If you omit the username/password, then the user who's currently running the program will automatically be used. If the person running your program is already an administrator, don't pass anything for the username & password.

Normally there are two people who can change a user's password: 1) the user himself (you can change your own password), or 2) an administrator.

Hi tgerbert,

I'm really sorry for bothering you for a small issue.

I tried the same code as suggested by you in (http:#a35235475) by passing the Admin username & password. In fact I tried the codes below:
string pwd = ChangePassword2.CurrentPassword;
a) result.GetDirectoryEntry().Invoke("ChangePassword", pwd, ChangePassword2.NewPassword );
b) result.GetDirectoryEntry().Invoke("ChangePassword",new object[] { pwd, ChangePassword2.NewPassword });

In both cases I get the exception:
Error changing password.Exception has been thrown by the target of an invocation.

It's kind of frustrating....



tgerbert,

When I used InnerException.Message, I got the exception below:

"Error changing password.A constraint violation occurred"

Your password must not have conformed to your network's Password Policies. Too short, too long, was previously used, was changed too recently, etc.

Hi Tgerbert,
I'm so sorry for the late reply, as I was held up with other tasks...
Anyways, I could not resolve the issue.

Don't know whether I can get back to the same question or not?

For now I will close it...

Thanks
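
An added example, not part of the original thread or any participant's code: it combines what the replies above establish (call ChangePassword on the user object rather than the domain root, and read the inner exception behind "Exception has been thrown by the target of an invocation") and also escapes the username before it goes into the sAMAccountName filter, since in the ASP.NET page that value comes from user input. The class and method names and the `searchRoot` parameter are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
// Hypothetical helper for illustration; names are not from the thread.
static class AdPasswordChange
{
    // HRESULT form of Win32 error 8239, ERROR_DS_CONSTRAINT_VIOLATION.
    const int ConstraintViolation = unchecked((int)0x8007202F);

    // RFC 4515 escaping so user input cannot alter the LDAP search filter.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // searchRoot: the domain entry (the thread's _path), already bound by the caller.
    public static void ChangePassword(DirectoryEntry searchRoot, string username,
                                      string oldPassword, string newPassword)
    {
        using (DirectorySearcher searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(username) + "))";
            SearchResult result = searcher.FindOne();
            if (result == null) throw new ArgumentException("User not found.");
            // ChangePassword exists on the user object, not on the domain root.
            using (DirectoryEntry userEntry = result.GetDirectoryEntry())
            {
                try { userEntry.Invoke("ChangePassword", new object[] { oldPassword, newPassword }); }
                catch (TargetInvocationException ex)
                {
                    // Invoke wraps the ADSI failure; the inner COMException holds the cause.
                    COMException com = ex.InnerException as COMException;
                    if (com != null && com.ErrorCode == ConstraintViolation)
                        throw new InvalidOperationException("New password violates the password policy.", com);
                    throw;
                }
            }
        }
    }
}
```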