Re: LDAP changePassword always returns error
From: Tom (Tom_at_discussions.microsoft.com)
Date: 06/13/05
- Previous message: Roger Abell: "Re: centralized, multi-OS authentication ?"
- In reply to: Joe Richards [MVP]: "Re: LDAP changePassword always returns error"
- Next in thread: Joe Richards [MVP]: "Re: LDAP changePassword always returns error"
- Reply: Joe Richards [MVP]: "Re: LDAP changePassword always returns error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Jun 2005 07:55:04 -0700
This is really weird - I run the script as an administrator, and return an
empty error description with the error number -2147024810.
When I look that up in the Microsoft Knowledge Base, it looks like it's a
SiteServer error, which isn't even installed on that server.
"Joe Richards [MVP]" wrote:
> I filtered this down to this basic example
>
> p_DistinguishedName=wscript.arguments.item(0)
> p_OldPassword=wscript.arguments.item(1)
> p_NewPassword=wscript.arguments.item(2)
>
>
> if p_DistinguishedName= "" then
> wScript.Quit
> end if
>
> set objUser = getObject("LDAP://" & p_distinguishedName)
> if isObject(objUser) then
> objUser.ChangePassword p_OldPassword, p_NewPassword
> wscript.echo "Password change successful"
> else
> wscript.echo "Didn't get a handle to the user object"
> end if
>
>
> This runs successfully for me
>
> [Fri 06/10/2005 20:45:31.12]
> G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword
> Microsoft (R) Windows Script Host Version 5.6
> Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
>
> Password change successful
>
> [Fri 06/10/2005 20:45:51.69]
> G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword2
> Microsoft (R) Windows Script Host Version 5.6
> Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
>
> G:\TEMP\pwd.vbs(12, 3) (null): The specified network password is not correct.
>
>
> [Fri 06/10/2005 20:45:56.69]
> G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com somenewpassword somenewpassword2
> Microsoft (R) Windows Script Host Version 5.6
> Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
>
> Password change successful
>
> [Fri 06/10/2005 20:46:09.47]
> G:\TEMP>
>
>
>
>
> What again are the exact errors you are seeing when running through vbscript,
> not through a web page. Web pages add all sorts of screwed up issues that aren't
> script related, but instead IIS and the IIS Script engine related.
>
> joe
>
>
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Tom wrote:
> > Joe,
> >
> > The code follows. I've disabled error handling to show the error.
> >
> > I based it off this script at Technet:
> > http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/pwds/uspwvb02.mspx
> >
> > I get the same error when I run the script as the user through a web page,
> > the user logged into the machine, or a domain administrator logged into the
> > machine. However, forcing the password to be overwritten works fine when
> > logged in as a domain admin.
> >
> > function changePassword(p_DistinguishedName, p_NewPassword, p_OldPassword)
> >
> > 'on error resume next
> > if p_DistinguishedName= "" then
> > wScript.Quit
> > end if
> > set objUser = getObject("LDAP://" & p_distinguishedName)
> > if isObject(objUser) then
> > 'When run in the contect of a domain administrator, this
> > forces
> > 'the new password to overwrite the old. It works fine.
> > 'objUser.setPassword p_NewPassword
> >
> > 'This is the line of code in question. It's based off a
> > script in Technet's
> > 'script center.
> > objUser.ChangePassword p_OldPassword, p_NewPassword
> > else
> > strMsg = Server.URLEncode("Sorry, there was a problem processing your
> > password change. <a href='changepassword.asp'>Please try again</a>.<p>If
> > this problem persists, please contact your administrator.")
> > response.redirect("confirm.asp?m=" & strMsg & "&e=1")
> > end if
> > strMsg = Server.urlEncode("Password for user <b>" &
> > request.Form("username") & "</b> has been changed!")
> > response.redirect("confirm.asp?m=" & strMsg)
> >
> > end function
> >
> > "Joe Richards [MVP]" wrote:
> >
> >
> >>Post the script
> >>
> >>--
> >>Joe Richards Microsoft MVP Windows Server Directory Services
> >>www.joeware.net
> >>
> >>
> >>Tom wrote:
> >>
> >>>I'm working on a script to change a user's password in an AD domain.
> >>>
> >>>Our problem is a script that uses the changePassword method to change a
> >>>user's password. No matter how strong the new password is, we always return
> >>>an error that says the new password is either not unique or doesn't meet the
> >>>policy for strong passwords. This script doesn't work when run as either the
> >>>user making the change or the domain administrator.
> >>>
> >>>I think this error is bogus; we have another script that overwrites the
> >>>user's password with a strong random one (which runs in the context of the
> >>>domain admin), and that works fine.
> >>
>
- Previous message: Roger Abell: "Re: centralized, multi-OS authentication ?"
- In reply to: Joe Richards [MVP]: "Re: LDAP changePassword always returns error"
- Next in thread: Joe Richards [MVP]: "Re: LDAP changePassword always returns error"
- Reply: Joe Richards [MVP]: "Re: LDAP changePassword always returns error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
