ASP.NET, Exception-: "Change Password " Active Directory


Hi,
I am trying to allow Users to change Password.
but getting this Exception in the process...after the User is Authenticated
"Unknown Name.... Exception from HRESULT:....

(Same Error as per this Ref..)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_26822122.html

Using C#.net, ASP.NET 2.0
if (adAuth_pwd.IsAuthenticated(username, pwd))
{
    DirectoryEntry entry = new DirectoryEntry(_path, username, pwd);
    try
    {
        entry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });
    }
    catch (Exception ex)
    {
        throw new Exception("Error changing password." + ex.Message);
    }
}


kishan66 asked:
 
Todd Gerbert (IT Consultant) commented:
The DirectorySearcher constructor doesn't take a username parameter. http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx

Also note that the username & password passed to the DirectoryEntry constructor should be that of a user who has permission to change the password for the user you're looking for, "jdoe" in this example.

Your code should be:
string _path = "LDAP://xx.com";
string username = "jdoe";
DirectoryEntry searchRoot = new DirectoryEntry(_path, "administrator@xx.com", "secret");
DirectorySearcher searcher = new DirectorySearcher(searchRoot, "(sAMAccountName=" + username + ")");
SearchResult result = searcher.FindOne();
if (result != null)
	result.GetDirectoryEntry().Invoke("ChangePassword", "newpw", "SOgoer96");


0
 
Todd Gerbert (IT Consultant) commented:
I'd wager your _path is incorrect.  I believe the path to the user should look like LDAP://CN=John Doe,OU=Users,OU=Marketing,OU=California,DC=domain,DC=local
0
 
Todd Gerbert (IT Consultant) commented:
Here's an option if you want to search the ActiveDirectory for a particular username:
string username = "jdoe";
			
DirectorySearcher searcher = new DirectorySearcher("(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + username + "))");
SearchResult result = searcher.FindOne();
if (result != null)
{
	DirectoryEntry userEntry = result.GetDirectoryEntry();
	userEntry.Invoke("ChangePassword", new object[] { "oldpw", "newpw" });
	Console.WriteLine("Password Changed");
}
else
	Console.WriteLine("User not found.");

Console.ReadKey();


0
 
Todd Gerbert (IT Consultant) commented:
Here's another option using the WinNT provider:
string username = "jdoe";
DirectoryEntry userEntry = new DirectoryEntry("WinNT://domain.com/" + username + ",user");
try
{
	userEntry.Invoke("ChangePassword", new object[] { "oldpw", "newpw" });
	Console.WriteLine("Password changed.");
}
catch (COMException ex)
{
	if (ex.ErrorCode == -2147022675)
		Console.WriteLine("Could not find user.");
}
Console.ReadKey();


0
 
kishan66 (Author) commented:
Hi tgerbert,

"_path" in the above case works perfectly fine. As mentioned, I could authenticate the user.
Only after authentication is successful can the user change the password.
I am getting the exception after authentication is successful.

  entry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });                      
0
 
Todd Gerbert (IT Consultant) commented:
So "_path" contains the complete path to the user (i.e. it starts with LDAP://CN=The Users Name)?

If you write DirectoryEntry entry = new DirectoryEntry("LDAP://OU=domain,OU=com", "someusername", "thecorrectpassword") then entry will be a DirectoryEntry object that represents the domain, not "someusername", and since there is no "ChangePassword" for the domain's root you get the error.

Can you put a breakpoint in your program and tell me what, exactly, is in "_path"?
0
 
kishan66 (Author) commented:
Hi tgerbert,

I modified my code a little bit... now I get a new exception...
But it does satisfy the IF condition...

"Error changing password.Exception has been thrown by the target of an invocation"


DirectoryEntry entry = new DirectoryEntry(_path);
try
{
    DirectorySearcher searcher = new DirectorySearcher(entry, username);
    searcher.Filter = "(SAMAccountName=" + username + ")";
    SearchResult result = searcher.FindOne();
    if (result != null)
    {
        DirectoryEntry userEntry = result.GetDirectoryEntry();
        userEntry.Invoke("ChangePassword", new object[] { pwd, ChangePassword2.NewPassword });
    }
}
catch (Exception ex)
{
    throw new Exception("Error changing password." + ex.Message);
}


0
 
kishan66 (Author) commented:
_path = "LDAP://xx.com";
0
 
kishan66 (Author) commented:
Hi tgerbert,

So you mean to say "we have to pass the userId & pwd of the Admin who has password update permissions"? Are you sure?
Because, if in future we change the Admin password... our code/application will fail, right?

I read that if we are using SetPassword, in that case I have to use the Admin user & password in the DirectoryEntry.
Please correct me if I'm wrong...
0
 
Todd Gerbert (IT Consultant) commented:
Not necessarily.  The username/password you pass to the DirectoryEntry constructor (line 3 in my snippet above http:#a35235475) must correspond to a user who has permission to change the password of "username."  If you omit the username/password, then the user who's currently running the program will automatically be used. If the person running your program is already an administrator, don't pass anything for the username & password.

Normally there are two people who can change a user's password: 1) the user himself (you can change your own password), or 2) an administrator.
0
 
kishan66 (Author) commented:
Hi tgerbert,

I'm really sorry for bothering you with a small issue.

I tried the same code as suggested by you in (http:#a35235475) by passing the Admin username & password. In fact, I tried the code below:
string pwd = ChangePassword2.CurrentPassword;
a) result.GetDirectoryEntry().Invoke("ChangePassword", pwd, ChangePassword2.NewPassword );
b) result.GetDirectoryEntry().Invoke("ChangePassword",new object[] { pwd, ChangePassword2.NewPassword });

In both cases I get the exception:
Error changing password.Exception has been thrown by the target of an invocation.

It's kind of frustrating....

0
 
kishan66 (Author) commented:
tgerbert,

When I used InnerException.Message, I got the exception below:

"Error changing password.A constraint violation occurred"
0
 
Todd Gerbert (IT Consultant) commented:
Your password must not have conformed to your network's Password Policies. Too short, too long, was previously used, was changed too recently, etc.
0
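
Added example (not part of the original thread): the exchange above shows Invoke reporting only "Exception has been thrown by the target of an invocation" until the inner exception is inspected. This sketch unwraps the inner COMException and maps its HRESULT to a fixed message instead of echoing ex.Message to the page; AdPassword, TryChangePassword and Describe are hypothetical names, and the HRESULT constants other than the -2147022675 value from the WinNT snippet are standard Win32 codes that do not appear in the thread.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;
static class AdPassword
{
    const int ConstraintViolation = unchecked((int)0x8007202F); // "A constraint violation occurred"
    const int PasswordPolicy      = unchecked((int)0x800708C5); // NERR_PasswordTooShort
    const int WrongOldPassword    = unchecked((int)0x80070056); // ERROR_INVALID_PASSWORD
    const int UserNotFound        = unchecked((int)0x800708AD); // -2147022675 in the WinNT snippet

    // Returns null on success, otherwise a message that can be shown to the user.
    public static string TryChangePassword(DirectoryEntry userEntry, string oldPw, string newPw)
    {
        try
        {
            userEntry.Invoke("ChangePassword", new object[] { oldPw, newPw });
            return null;
        }
        catch (TargetInvocationException ex)
        {
            // Invoke wraps the ADSI failure; the HRESULT is on the inner COMException.
            COMException com = ex.InnerException as COMException;
            if (com == null) throw;
            return Describe(com.ErrorCode);
        }
    }

    public static string Describe(int hresult)
    {
        switch (hresult)
        {
            case ConstraintViolation:
            case PasswordPolicy:
                return "The new password does not meet the domain password policy.";
            case WrongOldPassword:
                return "The current password is incorrect.";
            case UserNotFound:
                return "Could not find user.";
            default:
                return "Password change failed (HRESULT 0x" + hresult.ToString("X8") + ").";
        }
    }
    static void Main()
    {
        // Constructed check: the WinNT snippet's constant maps to the same case.
        Console.WriteLine(Describe(-2147022675));
    }
}
```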
 
kishan66 (Author) commented:
Hi Tgerbert,
I'm so sorry for the late reply, as I was held up with other tasks...
Anyway, I could not resolve the issue.

I don't know whether I can get back to the same question or not.

For now I will close it...

Thanks
0
Question has a verified solution.
