Re: "User cannot change pwd" and "Pwd never expire" by using Direc

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 12/06/04


Date: Mon, 6 Dec 2004 09:18:38 -0600

Google turned this up:

http://support.microsoft.com/default.aspx?scid=kb;en-us;301287

Joe K.

"Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
news:4EAD6339-5961-4634-BEA4-638F989D7311@microsoft.com...
> Thanks for the tip, have you a link for an example, please?
> Thauhtopa
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> You don't set that option in LDAP with that flag. Both the lockout flag and
>> the user can't change password flag don't work for Active Directory.
>>
>> To set "user can't change password", you need to modify the DACL for the
>> user's object. I don't know of a specific .NET sample, but there is a
>> script sample that you can adopt on the KB.
>>
>> Joe K.
>>
>>
>> "Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
>> news:85DDC95B-DA31-433C-8184-E149AC199C40@microsoft.com...
>> > I create an account by using DirectoryServices and it is running:
>> > ---------------------------------------------------------
>> > Dim ContainerEntry As DirectoryEntry
>> > Dim UserEntry As DirectoryEntry
>> > Dim ChildCollection As DirectoryEntries
>> > ContainerEntry = New DirectoryEntry(LDAPPath)
>> > ChildCollection = ContainerEntry.Children
>> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName, "user")
>> > UserEntry.Properties("samAccountName").Add(TextBoxNewAccountPre.Text)
>> > UserEntry.CommitChanges()
>> > ----------------------------------------------------
>> >
>> > In the next step you see the adding of some information, it is running:
>> > ----------------------------------------------------
>> > UserEntry.Properties("samAccountName").Add(TextBoxNewAccountPre.Text)
>> >
>> > UserEntry.Properties("userPrincipalName").Add(TextBoxNewAccount.Text & ComboSuffix.Text)
>> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
>> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " + TextBoxLastName.Text
>> > UserEntry.NativeObject.Description = TextBoxDescription.Text
>> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator: " + GetCurrentUserName()
>> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
>> > ----------------------------------------------------
>> >
>> > In the next step you see the setting of some constants and a call of a Sub
>> > (the values for the constants can be found here:
>> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):
>> > ----------------------------------------------------
>> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
>> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
>> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
>> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
>> > -----------------------------------------------------
>> >
>> > Now the last step, the Sub that sets the userAccountControl value:
>> > -----------------------------------------------------
>> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef AccountOptions As Integer)
>> > Dim val As Integer
>> > val = Fix(User.Properties("userAccountControl").Value)
>> > User.Properties("userAccountControl").Value = val Or AccountOptions
>> > val = Fix(User.Properties("userAccountControl").Value)
>> > User.CommitChanges()
>> > End Sub 'SetAccountOptions
>> > -----------------------------------------------------
>> >
>> > The result is:
>> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is running
>> > perfectly.
>> >
>> > The call
>> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
>> > NOTHING HAPPENS
>> >
>> > Now my question:
>> > I need a solution to set the property "User Cannot Change Password" over
>> > the DirectoryServices.
>> >
>> > Help, please
>> > Thauhtopa
>>
>>
>>
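
The DACL change described in the reply above, as an added VB.NET example that is not part of the original thread or the KB article: it denies the "Change Password" control access right to Everyone and SELF, and audits the setting by reading the DACL instead of the userAccountControl bit. It assumes .NET 2.0 or later (for DirectoryEntry.ObjectSecurity); the module name, function names and LDAP path are hypothetical.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Security.AccessControl
Imports System.Security.Principal

Module CannotChangePassword
    ' "Change Password" control access right (User-Change-Password).
    Private ReadOnly ChangePwd As New Guid("ab721a53-1e2f-11d0-9819-00aa0040529b")
    ' The two trustees the "User cannot change password" checkbox is derived from.
    Private ReadOnly Trustees As SecurityIdentifier() = {
        New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing),
        New SecurityIdentifier(WellKnownSidType.SelfSid, Nothing)}

    ' Replace any explicit allow ACE for the right with a deny ACE, then write the DACL.
    Sub DenyChangePassword(ByVal user As DirectoryEntry)
        Dim acl As ActiveDirectorySecurity = user.ObjectSecurity
        For Each sid As SecurityIdentifier In Trustees
            acl.RemoveAccessRule(New ActiveDirectoryAccessRule(
                sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Allow, ChangePwd))
            acl.AddAccessRule(New ActiveDirectoryAccessRule(
                sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, ChangePwd))
        Next
        user.CommitChanges()
    End Sub

    ' Audit: True only if both trustees carry a deny ACE for the right.
    ' Reads the DACL; the userAccountControl bit is not consulted.
    Function IsChangePasswordDenied(ByVal user As DirectoryEntry) As Boolean
        Dim denied As New HashSet(Of SecurityIdentifier)()
        Dim rules = user.ObjectSecurity.GetAccessRules(True, True, GetType(SecurityIdentifier))
        For Each rule As ActiveDirectoryAccessRule In rules
            If rule.AccessControlType = AccessControlType.Deny AndAlso
               rule.ObjectType.Equals(ChangePwd) AndAlso
               (rule.ActiveDirectoryRights And ActiveDirectoryRights.ExtendedRight) <> 0 Then
                denied.Add(DirectCast(rule.IdentityReference, SecurityIdentifier))
            End If
        Next
        Return denied.IsSupersetOf(Trustees)
    End Function

    Sub Main()
        ' Hypothetical path; substitute a test account's distinguished name.
        Using user As New DirectoryEntry("LDAP://CN=Test User,OU=Lab,DC=example,DC=com")
            DenyChangePassword(user)
            user.RefreshCache()
            Console.WriteLine("Change password denied: {0}", IsChangePasswordDenied(user))
        End Using
    End Sub
End Module
```

An account audit that only tests userAccountControl for &H40 will report the option as unset on Active Directory accounts, so the DACL check is the one to rely on.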


