Re: Setting Passwords via DSML with non-admin type Domain User Credent

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/25/05

• Next message: Rhett Gong [MSFT]: "RE: Setting Passwords via DSML with non-admin type Domain User Credent"
• Previous message: Marvin Bobo: "Setting Passwords via DSML with non-admin type Domain User Credent"
• In reply to: Marvin Bobo: "Setting Passwords via DSML with non-admin type Domain User Credent"
• Next in thread: Marvin Bobo: "Re: Setting Passwords via DSML with non-admin type Domain User Cre"
• Reply: Marvin Bobo: "Re: Setting Passwords via DSML with non-admin type Domain User Cre"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 24 May 2005 21:43:09 -0500

It isn't easy finding any help for DSML as it is not very well used. I
actually know almost nothing about it.

Based on the previous post that you referred to (which I guess I wrote :)),
I want to ask if you are doing the remove and add mod op instead of the
replace. If you show your code, that might help (although I know neither
DSML or PERL very well, I should be able to figure it out, especially if you
post both versions).

If you try to do a set password (just an LDAP replace), you'll probably have
a permissions problem because normal users don't have rights to reset
passwords, only to change their own.

HTH,

Joe K.
"Marvin Bobo" <marvinb@community.nospam> wrote in message
news:FC83C34F-44F5-4108-A60A-DF55EFB0F7BF@microsoft.com...
> When I execute the DSML request to change the password as Admin, works ok.
> When I execute as the domain user, fails with "HTTP Error 401.3 -
> Unauthorized: Access is denied due to an ACL set on the requested
> resource".
> I have set the specific user to full control on the ou and container for
> the
> user. The domain user logging on is changing its own account.
>
> Here is a post that is related to what I need to do but this is with LDAPs
> using Perl scripts:
>
> http://msdn.microsoft.com/newsgroups/managed/Default.aspx?dg=microsoft.public.active.directory.interfaces&mid=8461ad71-02a4-4759-8812-b0494e900898&sloc=en-us

---

• Next message: Rhett Gong [MSFT]: "RE: Setting Passwords via DSML with non-admin type Domain User Credent"
• Previous message: Marvin Bobo: "Setting Passwords via DSML with non-admin type Domain User Credent"
• In reply to: Marvin Bobo: "Setting Passwords via DSML with non-admin type Domain User Credent"
• Next in thread: Marvin Bobo: "Re: Setting Passwords via DSML with non-admin type Domain User Cre"
• Reply: Marvin Bobo: "Re: Setting Passwords via DSML with non-admin type Domain User Cre"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Setting Passwords via DSML with non-admin type Domain User Cre ... I think we are confusing terms now. ... There are three different types of LDAP attribute modifications: ... how to find out since I have no DSML directory to play with. ... normal users have rights to change their own password but ... (microsoft.public.platformsdk.security) Re: Changing Passwords Via DSML ... It is hard for me to imagine how it can be faster than doing pure LDAP since ... DSML has been difficult to ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... We are using a Java web service to interact with our DSML gateway. ... (microsoft.public.windows.server.active_directory) Re: Setting Passwords via DSML with non-admin type Domain User Cre ... Therefore the unicodePwd field is being modified. ... Here is the batch request (in DSML) which works under administrator ... > If you try to do a set password (just an LDAP replace), ... (microsoft.public.platformsdk.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)