Re: "User cannot change pwd" and "Pwd never expire" by using Direc

From: Thauhtopa (Thauhtopa_at_discussions.microsoft.com)
Date: 12/06/04 

Date: Mon, 6 Dec 2004 01:11:02 -0800

Thank's for the Tip, have you a link for a example, please
Thauhtopa

"Joe Kaplan (MVP - ADSI)" wrote:

> You don't set that option in LDAP with that flag. Both the lockout flag and
> the user can't change password flag don't work for Active Directory.
>
> To set "user can't change password", you need to modify the DACL for the
> user's object. I don't know of a specific .NET sample, but there is a
> script sample that you can adopt on the KB.
>
> Joe K.
>
>
> "Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
> news:85DDC95B-DA31-433C-8184-E149AC199C40@microsoft.com...
> >I create a account by using the DirectorySerive and it is running:
> > ---------------------------------------------------------
> > Dim ContainerEntry As DirectoryEntry
> > Dim UserEntry As DirectoryEntry
> > Dim ChildCollection As DirectoryEntries
> > ContainerEntry = New DirectoryEntry(LDAPPath)
> > ChildCollection = ContainerEntry.Children
> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
> > "user")
> > UserEntry.Properties("samAccountName").Add(TextBoxNewAccountPre.Text)
> > UserEntry.CommitChanges()
> > ----------------------------------------------------
> >
> > In the next step you see the adding of some information, it is running:
> > ----------------------------------------------------
> > UserEntry.Properties("samAccountName").Add(TextBoxNewAccountPre.Text)
> >
> > UserEntry.Properties("userPrincipalName").Add(TextBoxNewAccount.Text
> > & ComboSuffix.Text)
> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
> > TextBoxLastName.Text
> > UserEntry.NativeObject.Description = TextBoxDescription.Text
> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator:
> > "
> > + GetCurrentUserName()
> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
> > ----------------------------------------------------
> >
> > In the next Step you see to set some constants and a call of a Sub
> > (The Values for the Constans you can find, here
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):
> > ----------------------------------------------------
> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
> > -----------------------------------------------------
> >
> > Now the last Steps, it is the sub to set the userAccountControl-value:
> > -----------------------------------------------------
> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
> > AccountOptions As Integer)
> > Dim val As Integer
> > val = Fix(User.Properties("userAccountControl").Value)
> > User.Properties("userAccountControl").Value = val Or AccountOptions
> > val = Fix(User.Properties("userAccountControl").Value)
> > User.CommitChanges()
> > End Sub 'SetAccountOptions
> > -----------------------------------------------------
> >
> > The Result is:
> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
> > running
> > perfect.
> >
> > the call
> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
> > NOTING HAPPENS
> >
> > Now my question:
> > I need a solution to set the property "User Cannot Change Password" over
> > the
> > DirectoryServices.
> >
> > Help, please
> > Thauhtopa
>
>
>