Re: Invoke(SetPassword) in Active Directory, Works, Then Access is Den

This depends on how the password modification is being done. SetPassword
tries 3 different approaches and they all have different failure modes.

The most reliable method involves using LDAP password modifications, but
that requires that your DCs have SSL certs so that you can connect to LDAP
using SSL. This is not done in AD by default, though. You would need to
get your domain admins to configure it.

The other two methods, Kerberos set password and NetUserSetInfo, may not be
as reliable. It is hard to tell which one is being used without sniffing
the network traffic.

What is the OS the ASP.NET runs on (with SP)? That determines the version
of ADSI that .NET uses. Also, what version of AD are you using (2003 or
2000)?

Joe K.

"ptstesting" <ptstesting@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F407D2D0-620E-4377-BAC9-1EC3D548CCA4@xxxxxxxxxxxxxxxx
My setup:
Using ASP.NET web app, have permissions setup properly, using
impersonation
as admin account before modifying active directory entry. I have the
latest
.NET 2.0 and service packs installed.

The problem:
I can call Active Directory's

myDE.Invoke("SetPassword", new object[] {Password});

successfully a few times, but after about 10 minutes, if I try the call
again, I receive "Access is Denied". I have to re-upload my web
application
files to restart the web application for it to resume working correctly.

Why would this work several calls in a row, and then begin failing after
10
minutes?

I read this post from a Microsoft techie:
http://www.gotdotnet.com/Community/MessageBoard/Thread.aspx?id=157773

It mentions something about a bug in .NET where the server stub runs down
after several successful calls? Something about a Microsoft fix is
available,
but no download link?

Does anyone know more about this issue?


.