Re: AD Change Password issue

From: Joe Kaplan \(MVP - ADSI\) (
Date: 02/02/05

Date: Wed, 2 Feb 2005 13:12:32 -0600

You can't do this. If pwdLastSet is set to 1, the user will be in "change
password at next logon" mode, but via LDAP they cannot bind with their
credentials in that state. LDAP bind != Windows Logon. You need to use
Windows APIs to handle this.

If you could go in as a privileged account, you could set pwdLastSet to 0 to
get around that, but you said that wasn't an option.

I'm not exactly sure what APIs you can even use to do this though. One
thing you might want to look at is IIS 6 ships with some web pages for
managing user passwords that DO support this functionality. I haven't used
them, but I've heard such a thing exists.

Best of luck,

Joe K.

"Sathya Gomathi via" <> wrote in
> Hi Thanks..there was a minimum pwd age set on GPO..its working fine now..
> i am running into another problem..the requirement is the option 'User
> must change pwd at first logon' needs to be set..and when the user login
> first time i must ask him to change his pwd through C#.
> 1. first problem i encountered was it doent even allow to connect error
> "bad user name and pwd"..
> so here is the question " how do i check whether this option is set..and
> how do i disable this option so that the user can change his/her pwd.."
> all this i need to do from C#..and also i cant use admin credentials to
> connect to AD..
> Thanks in advance
> --
> Message posted via