Bytes Expert Newtork: Connect with experts in IT / Business | Expert Topics



Search

Go Back   Programmers Resource > Programming Forums > ASP
Reload this Page Change Active Directory password from ASP
User Name
Password


Reply
 
Thread Tools Search this Thread Rate Thread Display Modes
  #1  
Old 02-10-2006, 08:31 AM
Nook Schreier's Avatar
Nook Schreier Nook Schreier is offline
Mooderater
  
Join Date: Feb 2006
Location: Ohio
Posts: 579
Cool Change Active Directory password from ASP
I am trying to make an Intranet ASP page on Win2000/IIS5 (Web server is a member of the domain) that will change a user's password (and ultimately force them to change it at next login). I've been working on it on & off for three days, googling every phrase I could think of, and I found two methods, but neither seem to work. The closer of the two is this:
Code:
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200

Sub ResetWPass(UserName)
  NewPass = lcase(UserName)
  sQuery = "SELECT DistinguishedName,sAMAccountName,displayName FROM 'LDAP://domserv.domain.local:389/DC=domain,DC=local' WHERE sAMAccountName = '" & UserName & "'"
  Set oCommand = CreateObject("ADODB.Command")
  Set oConnection = CreateObject("ADODB.Connection")
  oConnection.Provider = "ADsDSOObject;User ID=DOMAIN\administrator;Password=(*******)"
  oConnection.Open = "Active Directory Provider"
  oCommand.ActiveConnection = oConnection
  oCommand.CommandText = sQuery
  oCommand.Properties("Cache Results") = False
  Set oResults = oCommand.Execute
  If not oResults.EOF Then
	DistName = oResults.Fields("DistinguishedName")
	Set objAds = GetObject("LDAP:")
	Set oUser = objAds.OpenDsObject("LDAP://domserv.domain.local:389/" & DistName, "domain\administrator", "(*******)", ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)
	oUser.SetPassword(CStr(NewPass))
'	oUser.SetInfo
	Set objAds = Nothing
	Set oUser = Nothing
  End If
  oConnection.Close
End Sub
I've commented out SetInfo because it always returns an error saying that the method doesn't exist. If I put it before SetPassword, though, it doesn't return an error. When I run this code, I get a "permission denied" error on the line that has SetPassword. The admin user and password I use are correct, and in my actual code the server name and domain name are correct. I also tried using this instead of SetPassword, and it returns no errors, but it does not actually change the password:
Code:
	oUser.Put "UserPassword",NewPass
	oUser.Put "PwdLastSet", 0
	oUser.SetInfo
Any help is greatly appreciated!
Last edited by Nook Schreier : 02-10-2006 at 08:33 AM.
Reply With Quote
  #2  
Old 02-10-2006, 09:39 AM
Nook Schreier's Avatar
Nook Schreier Nook Schreier is offline
Mooderater
  
Join Date: Feb 2006
Location: Ohio
Posts: 579
> oUser.Put "UserPassword",NewPass
> oUser.Put "PwdLastSet", 0
> oUser.SetInfo

After searching a bit more, it turns out that the second of these two statemtents does actually work! The "User must change password..." setting turns on after it is run with this instead of setinfo, but only one of the two lines works. Out of frustrration, I tried running setinfo after setting the password and also I tried it without setting the "force change" (put pass, then set info only) but it didn't make any difference.
Reply With Quote
  #3  
Old 09-11-2006, 02:34 AM
10Fingers 10Fingers is offline
Registered User
  
Join Date: Sep 2006
Posts: 1
Wink
Hi Nook,
do I need to change any setting in the server before implementing this codE?


Quote:
Originally Posted by Nook Schreier
I am trying to make an Intranet ASP page on Win2000/IIS5 (Web server is a member of the domain) that will change a user's password (and ultimately force them to change it at next login). I've been working on it on & off for three days, googling every phrase I could think of, and I found two methods, but neither seem to work. The closer of the two is this:
Code:
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200

Sub ResetWPass(UserName)
  NewPass = lcase(UserName)
  sQuery = "SELECT DistinguishedName,sAMAccountName,displayName FROM 'LDAP://domserv.domain.local:389/DC=domain,DC=local' WHERE sAMAccountName = '" & UserName & "'"
  Set oCommand = CreateObject("ADODB.Command")
  Set oConnection = CreateObject("ADODB.Connection")
  oConnection.Provider = "ADsDSOObject;User ID=DOMAIN\administrator;Password=(*******)"
  oConnection.Open = "Active Directory Provider"
  oCommand.ActiveConnection = oConnection
  oCommand.CommandText = sQuery
  oCommand.Properties("Cache Results") = False
  Set oResults = oCommand.Execute
  If not oResults.EOF Then
	DistName = oResults.Fields("DistinguishedName")
	Set objAds = GetObject("LDAP:")
	Set oUser = objAds.OpenDsObject("LDAP://domserv.domain.local:389/" & DistName, "domain\administrator", "(*******)", ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)
	oUser.SetPassword(CStr(NewPass))
'	oUser.SetInfo
	Set objAds = Nothing
	Set oUser = Nothing
  End If
  oConnection.Close
End Sub
I've commented out SetInfo because it always returns an error saying that the method doesn't exist. If I put it before SetPassword, though, it doesn't return an error. When I run this code, I get a "permission denied" error on the line that has SetPassword. The admin user and password I use are correct, and in my actual code the server name and domain name are correct. I also tried using this instead of SetPassword, and it returns no errors, but it does not actually change the password:
Code:
	oUser.Put "UserPassword",NewPass
	oUser.Put "PwdLastSet", 0
	oUser.SetInfo
Any help is greatly appreciated!
Reply With Quote
  #4  
Old 09-11-2006, 09:38 AM
Nook Schreier's Avatar
Nook Schreier Nook Schreier is offline
Mooderater
  
Join Date: Feb 2006
Location: Ohio
Posts: 579
You might notice that there is no solution posted... It does not work. It could be due to my environment, but I cannot give you much help on it past what is already there.
__________________
www.NookSchreier.Net
Reply With Quote
  #5  
Old 09-11-2006, 08:36 PM
twalter twalter is offline
Registered User
  
Join Date: Jul 2003
Location: Masssachusetts
Posts: 94
iisadmpwd
IIS comes with pages for changing your active directory password. Take a look under c:\windows\system32\inetserv for these files.

You will need to setup a virtural directory under IIS that points to c:\windows\system32\inetsrv\iisdmpwd

Also take a look at this page: http://support.microsoft.com/kb/894825/en-us
and http://support.microsoft.com/kb/833734/

Hopefully this will push in the right direction.

Good Luck!
__________________
Tom Walter
Reply With Quote
  #6  
Old 10-11-2006, 11:59 AM
Nook Schreier's Avatar
Nook Schreier Nook Schreier is offline
Mooderater
  
Join Date: Feb 2006
Location: Ohio
Posts: 579
reset password, not change password
Unfortunately, this will not work because with this code, you need to know the user's old password to change it. You cannot reset a password the user doesn't have.
__________________
www.NookSchreier.Net
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump



All times are GMT -5. The time now is 06:48 AM.


Contact Us - Programmers Resource - Archive - Top

Powered by: vBulletin Version 3.0.3
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
All content Copyright ©1999 - 2010, Programmers Resource, unless otherwise noted.