Re: LDAP changePassword always returns error

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 06/15/05

    Date: Wed, 15 Jun 2005 11:05:07 -0400
    
    

    That breaks down to be error 86.

    Paste it into calculator, tell calc to convert to hex, specify Word for size,
    then convert back to decimal.

    Error 86 is

    C:\WINDOWS>net helpmsg 86

    The specified network password is not correct.

    This would tell me that the old password you are trying to use is not correct.
    Running as administrator has no bearing on it because you are using the old
    password and the new. Running as an admin (or someone with SetPassword CA rights
    on the user object) only impacts the SETPASSWORD method.

        joe

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net
    Tom wrote:
    > This is really weird - I run the script as an administrator, and return an 
    > empty error description with the error number -2147024810.
    > 
    > When I look that up in the Microsoft Knowledge Base, it looks like it's a 
    > SiteServer error, which isn't even installed on that server.
    > 
    > "Joe Richards [MVP]" wrote:
    > 
    > 
    >>I filtered this down to this basic example
    >>
    >>p_DistinguishedName=wscript.arguments.item(0)
    >>p_OldPassword=wscript.arguments.item(1)
    >>p_NewPassword=wscript.arguments.item(2)
    >>
    >>
    >>if p_DistinguishedName= "" then
    >>	wScript.Quit
    >>end if
    >>
    >>set objUser = getObject("LDAP://" & p_distinguishedName)
    >>if isObject(objUser) then
    >>   objUser.ChangePassword p_OldPassword, p_NewPassword
    >>   wscript.echo "Password change successful"
    >>else
    >>   wscript.echo "Didn't get a handle to the user object"
    >>end if
    >>
    >>
    >>This runs successfully for me
    >>
    >>[Fri 06/10/2005 20:45:31.12]
    >>G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword
    >>Microsoft (R) Windows Script Host Version 5.6
    >>Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    >>
    >>Password change successful
    >>
    >>[Fri 06/10/2005 20:45:51.69]
    >>G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com password somenewpassword2
    >>Microsoft (R) Windows Script Host Version 5.6
    >>Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    >>
    >>G:\TEMP\pwd.vbs(12, 3) (null): The specified network password is not correct.
    >>
    >>
    >>[Fri 06/10/2005 20:45:56.69]
    >>G:\TEMP>pwd.vbs cn=someuser,cn=users,dc=joe,dc=com somenewpassword somenewpassword2
    >>Microsoft (R) Windows Script Host Version 5.6
    >>Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    >>
    >>Password change successful
    >>
    >>[Fri 06/10/2005 20:46:09.47]
    >>G:\TEMP>
    >>
    >>
    >>
    >>
    >>What again are the exact errors you are seeing when running through vbscript, 
    >>not through a web page? Web pages add all sorts of screwed up issues that aren't 
    >>script related, but instead IIS and the IIS Script engine related.
    >>
    >>    joe
    >>
    >>
    >>
    >>
    >>--
    >>Joe Richards Microsoft MVP Windows Server Directory Services
    >>www.joeware.net
    >>
    >>
    >>Tom wrote:
    >>
    >>>Joe,
    >>>
    >>>The code follows.  I've disabled error handling to show the error.
    >>>
    >>>I based it off this script at Technet:
    >>>http://www.microsoft.com/technet/scriptcenter/scripts/ad/users/pwds/uspwvb02.mspx
    >>>
    >>>I get the same error when I run the script as the user through a web page, 
    >>>the user logged into the machine, or a domain administrator logged into the 
    >>>machine.  However, forcing the password to be overwritten works fine when 
    >>>logged in as a domain admin.
    >>>
    >>>function changePassword(p_DistinguishedName, p_NewPassword, p_OldPassword)
    >>>
    >>>'on error resume next
    >>>if p_DistinguishedName= "" then
    >>>	wScript.Quit
    >>>end if
    >>>  set objUser = getObject("LDAP://" & p_distinguishedName)
    >>>		if isObject(objUser) then
    >>>                  'When run in the context of a domain administrator, this forces
    >>>                  'the new password to overwrite the old.  It works fine.
    >>>	  'objUser.setPassword p_NewPassword 
    >>>
    >>>                  'This is the line of code in question.  It's based off a script in Technet's
    >>>                  'script center.
    >>>	  objUser.ChangePassword p_OldPassword, p_NewPassword
    >>>  else
    >>>    strMsg = Server.URLEncode("Sorry, there was a problem processing your password change.  <a href='changepassword.asp'>Please try again</a>.<p>If this problem persists, please contact your administrator.")
    >>>    response.redirect("confirm.asp?m=" & strMsg & "&e=1")  
    >>>  end if
    >>>  strMsg = Server.urlEncode("Password for user <b>" & request.Form("username") & "</b> has been changed!")
    >>>  response.redirect("confirm.asp?m=" & strMsg)
    >>>
    >>>end function
    >>>
    >>>"Joe Richards [MVP]" wrote:
    >>>
    >>>
    >>>
    >>>>Post the script
    >>>>
    >>>>--
    >>>>Joe Richards Microsoft MVP Windows Server Directory Services
    >>>>www.joeware.net
    >>>>
    >>>>
    >>>>Tom wrote:
    >>>>
    >>>>
    >>>>>I'm working on a script to change a user's password in an AD domain.
    >>>>>
    >>>>>Our problem is a script that uses the changePassword method to change a 
    >>>>>user's password.  No matter how strong the new password is, we always return 
    >>>>>an error that says the new password is either not unique or doesn't meet the 
    >>>>>policy for strong passwords.  This script doesn't work when run as either the 
    >>>>>user making the change or the domain administrator.
    >>>>>
    >>>>>I think this error is bogus; we have another script that  overwrites the 
    >>>>>user's password with a strong random one (which runs in the context of the 
    >>>>>domain admin), and that works fine.
    >>>>
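
The calculator steps in the reply at the top of this message (signed decimal to hex, keep the low Word, back to decimal) amount to decoding an HRESULT. The following is an added example, not code from the thread: the function names and the small lookup table are illustrative, and the table is a constructed subset of Win32 codes.

```python
# Added example: decode the signed 32-bit number that VBScript's Err.Number
# reports for a failed ADSI call into its HRESULT fields.

FACILITY_WIN32 = 7  # HRESULTs built by wrapping a Win32 error code

# Constructed subset of Win32/NetAPI codes relevant to password changes.
WIN32_CODES = {
    5: "ERROR_ACCESS_DENIED",
    86: "ERROR_INVALID_PASSWORD",   # what `net helpmsg 86` describes
    2245: "NERR_PasswordTooShort",  # password policy requirements not met
}


def decode_hresult(err_number: int) -> dict:
    """Split a signed or unsigned 32-bit HRESULT into its fields."""
    if not -(2**31) <= err_number < 2**32:
        raise ValueError("not a 32-bit value")
    value = err_number & 0xFFFFFFFF         # two's complement -> unsigned
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),        # severity bit
        "facility": (value >> 16) & 0x7FF,   # 11-bit facility field
        "code": value & 0xFFFF,              # low word ("Word" in calc)
    }


def win32_code(err_number: int):
    """Return the Win32 code to feed to `net helpmsg`, or None.

    Only FACILITY_WIN32 failures carry a Win32 error in the low word; the
    low word of any other HRESULT must not be looked up as a Win32 error.
    """
    fields = decode_hresult(err_number)
    if fields["failure"] and fields["facility"] == FACILITY_WIN32:
        return fields["code"]
    return None


def describe(err_number: int) -> str:
    hex_form = decode_hresult(err_number)["hex"]
    code = win32_code(err_number)
    if code is None:
        return f"{hex_form}: not a wrapped Win32 error"
    name = WIN32_CODES.get(code, f"run: net helpmsg {code}")
    return f"{hex_form}: Win32 error {code} ({name})"


if __name__ == "__main__":
    print(describe(-2147024810))  # the number quoted in the thread
```

The facility check is what keeps the lookup honest: the same low word under a different facility belongs to a different component's error table.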
    
