Re: change password in active directory by webapplication (vb.net)

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 04/27/04

  • Next message: Sara rafiee: "Re: change password in active directory by webapplication (vb.net)"
    Date: Mon, 26 Apr 2004 23:10:56 -0500
    
    

    Ok, I see. Here are the steps to accomplish that:

    1. Bind to the directory root with the user's current name and password
    to get the domain search root
    2. Find the user by their username in the directory using the
    DirectorySearcher
    3. Bind the user's DirectoryEntry (found from 2)
    4. Invoke the ChangePassword method (not the SetPassword method, since that
    is used by admins to reset a password)

    Here is some sample code that should come close to what you are trying to
    do. I wasn't able to test this, and you may need to modify it based on your
    DC name and also on the type of encryption you are going to use (SSL or
    Kerberos).

        'requires a reference to System.DirectoryServices.dll and
        'Imports System.DirectoryServices at the top of the file
        Private Sub ChangePassword(ByVal username As String, ByVal oldPassword As String, ByVal newPassword As String)

            Dim dcDNS As String = "yourdc.com" 'use this if you want to supply a server name
            Dim rootDN As String
            Dim rootDSE As DirectoryEntry
            Dim searchRoot As DirectoryEntry
            Dim userEntry As DirectoryEntry
            Dim searcher As DirectorySearcher
            Dim results As SearchResultCollection
            Dim result As SearchResult

            Try
                'note the AuthenticationTypes here
                'you need to either use SecureSocketsLayer or Kerberos (Secure + Sealing)
                rootDSE = New DirectoryEntry(String.Format("LDAP://{0}/rootDSE", dcDNS), _
                    username, oldPassword, _
                    AuthenticationTypes.Secure Or AuthenticationTypes.Sealing Or AuthenticationTypes.ServerBind)
                rootDN = DirectCast(rootDSE.Properties("defaultNamingContext").Value, String)
                searchRoot = New DirectoryEntry(String.Format("LDAP://{0}/{1}", dcDNS, rootDN), _
                    username, oldPassword, _
                    AuthenticationTypes.Secure Or AuthenticationTypes.Sealing Or AuthenticationTypes.ServerBind)
                searcher = New DirectorySearcher(searchRoot)
                'username is placed in the filter as typed; escape \ * ( ) and NUL
                '(RFC 4515) first if it comes from untrusted input such as a web form
                searcher.Filter = String.Format("(sAMAccountName={0})", username)
                searcher.SearchScope = SearchScope.Subtree
                searcher.CacheResults = False

                'I use FindAll here because FindOne leaks memory if it does not find anything
                'in .NET 1.0 and 1.1
                results = searcher.FindAll()
                For Each result In results
                    'only use this method on .NET 1.1 or higher
                    'otherwise, get the adsPath value and build a new DirectoryEntry
                    'with the supplied credentials
                    userEntry = result.GetDirectoryEntry()
                    'this Exit For is redundant because sAMAccountName is unique
                    'in the domain, but it is done for clarity
                    Exit For
                Next

                If userEntry Is Nothing Then
                    Throw New InvalidOperationException("User not found in this domain.")
                End If

                'ChangePassword needs the old password; SetPassword is the admin reset
                userEntry.Invoke("ChangePassword", New Object() {oldPassword, newPassword})
                userEntry.CommitChanges()

            Catch ex As System.Reflection.TargetInvocationException
                'Invoke wraps the ADSI error; rethrow the underlying exception
                Throw ex.InnerException

            Finally 'these prevent other memory leaks
                If Not userEntry Is Nothing Then userEntry.Dispose()
                If Not results Is Nothing Then results.Dispose()
                If Not searcher Is Nothing Then searcher.Dispose()
                If Not searchRoot Is Nothing Then searchRoot.Dispose()
                If Not rootDSE Is Nothing Then rootDSE.Dispose()
            End Try
        End Sub

    Joe K.

    "Sara rafiee" <sara_ir110@yahoo.com> wrote in message
    news:%23COYLhALEHA.3052@TK2MSFTNGP12.phx.gbl...
    > Hi
    > let me explain it clearly
    > I have a form which has three textboxes to get user information. The first
    > textbox is username, the second one is user_old_password and the third one is
    > user_new_password. With that code, when the user has entered the request part and
    > clicks on the submit button, I want this user to be checked first against
    > Active Directory, and then, if he entered his username and old_password
    > correctly (I mean the result of the search is one), the new password is set
    > instead of the old one. But up to now I haven't succeeded in it. If you need
    > any more details I will tell you more. Thanks...
    >
    >
    > Private Sub btn1_Click(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles btn1.Click
    >
    >
    > Dim entry As DirectoryEntry = New
    > DirectoryEntry("LDAP://Hosnieh_Rafiee", username.Text, oldpass.Text,
    > AuthenticationTypes.Secure)
    > Dim search As New DirectorySearcher(entry)
    > Dim result As SearchResult = search.FindOne
    > If Not result Is Nothing Then
    > entry.Invoke("setPassword", New Object() {newpass.Text})
    > entry.CommitChanges()
    > Response.Write("successful")
    > Else
    > Response.Write("invalid")
    > End If
    >
    > End Sub
    >

