Error on Password Change Of Active Directory User

0

Hi, I am trying to reset the password of an Active Directory user, but I am getting an error. Following is my code:

    public string ChangePassword(string Identity, string OldPassword, string Password)
    {
        string success = "Success";
        try
        {
            DirectoryEntry UserEntry = null;
            DirectoryEntry entry = new DirectoryEntry("LDAP://.../DC=Domain,DC=COM", Identity, OldPassword);

            DirectorySearcher search = new DirectorySearcher(entry);
            SearchResult resultsearch = search.FindOne();
            if (resultsearch == null)
            {
                success = "User Not Found In This Domain";
            }
            else
            {
                success = "find";
                UserEntry = resultsearch.GetDirectoryEntry();
                UserEntry.Username = @"Domain\Administrator";
                UserEntry.Password = "password";
                UserEntry.AuthenticationType = AuthenticationTypes.None;

                if (UserEntry == null)
                    success = "User Not Found In This Domain";
                else
                {
                    try
                    {
                        success = UserEntry.Username.ToString();

                        UserEntry.Invoke("ChangePassword", new object[] { OldPassword, Password });
                        UserEntry.CommitChanges();
                    }
                    catch (Exception ex)
                    {
                        success = ex.ToString();
                    }
                }
            }
        }
        catch (Exception ex)
        {
            success = ex.ToString();
        }

        return success;
    }

So I am getting an error at UserEntry.Invoke("ChangePassword", new object[] { OldPassword, Password }); UserEntry.CommitChanges();

Error:

        System.Runtime.InteropServices.COMException (0x80020006): Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
        at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
        at WebService.ChangePassword(String Identity, String OldPassword, String Password) in c:\inetpub\wwwroot\WebSite1\App_Code\WebService.cs:line 370
c#
active-directory
asked on Stack Overflow Apr 17, 2012 by Hiren • edited Apr 17, 2012 by Hiren

2 Answers

1

If you are using .NET Framework 3.5 or later, the code below will solve the problem. Class definition is omitted.

    using System;
    using System.DirectoryServices.AccountManagement;

    public static string ChangePassword(string adminUser, string adminPassword,
        string domain, string container, string userName, string newPassword)
    {
        try
        {
            // Bind to the domain with the administrative account.
            using (PrincipalContext principalContext =
                new PrincipalContext(ContextType.Domain, domain, container,
                    adminUser, adminPassword))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, userName))
            {
                if (user == null) return "User Not Found In This Domain";

                // Administrative reset: the old password is not required.
                user.SetPassword(newPassword);
                return user.Name;
            }
        }
        catch (Exception ex)
        {
            return ex.Message;
        }
    }

Usage:

    ChangePassword(@"DOMAIN\Administrator", "password", "DOMAIN",
        "DC=Domain,DC=COM", userName, newPassword);

EDIT: Added a version for .NET 2.0 framework.

A change password method for .NET 2.0:

    using System;
    using System.DirectoryServices;

    public static string ChangePassword20(string adminUser, string adminPassword,
        string container, string domainController, string userName, string newPassword)
    {
        // Secure bind with encryption, addressed to a specific domain controller.
        const AuthenticationTypes authenticationTypes = AuthenticationTypes.Secure |
            AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;

        DirectoryEntry searchRoot = null;
        DirectorySearcher searcher = null;
        DirectoryEntry userEntry = null;

        try
        {
            searchRoot = new DirectoryEntry(String.Format("LDAP://{0}/{1}",
                domainController, container),
                adminUser, adminPassword, authenticationTypes);

            searcher = new DirectorySearcher(searchRoot);
            // userName is inserted unescaped: escape LDAP filter metacharacters
            // (RFC 4515) first if it can come from untrusted input.
            searcher.Filter = String.Format("(sAMAccountName={0})", userName);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.CacheResults = false;

            SearchResult searchResult = searcher.FindOne();
            if (searchResult == null) return "User Not Found In This Domain";

            userEntry = searchResult.GetDirectoryEntry();

            // Administrative reset: the old password is not required.
            userEntry.Invoke("SetPassword", new object[] { newPassword });
            userEntry.CommitChanges();

            return "New password set";
        }
        catch (Exception ex)
        {
            return ex.ToString();
        }
        finally
        {
            if (userEntry != null) userEntry.Dispose();
            if (searcher != null) searcher.Dispose();
            if (searchRoot != null) searchRoot.Dispose();
        }
    }

Usage:

    ChangePassword20(@"DOMAIN\Administrator", "password", "DC=Domain,DC=COM",
        "domainControllerName", "userName", "newPassword");
answered on Stack Overflow Apr 17, 2012 by Espen Burud • edited Apr 18, 2012 by Espen Burud
0

Few things:

  • You should not be setting a username, password, or AuthN type on UserEntry.
  • Your success = UserEntry.Username... should be object foo = UserEntry.NativeObject;. If that passes, you have a valid DE.
  • You don't need to call CommitChanges() here.
  • You would call ChangePassword in the context of the user, not the administrator. That will pass through the GetDirectoryEntry() call properly.
answered on Stack Overflow Apr 17, 2012 by Brian Desmond
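
Added example, not part of the question or of either answer: the second answer's advice (bind as the user, call ChangePassword without overriding credentials or calling CommitChanges) combined with an explicit, escaped search filter of the kind the first answer builds with String.Format. The class name, method names and the ldapPath parameter are hypothetical, and userName is assumed to be the bare sAMAccountName.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdPasswordExample // hypothetical name, for illustration only
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    public static string EscapeLdapFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Self-service change: bind as the user, then call IADsUser::ChangePassword.
    // ldapPath is a placeholder such as "LDAP://dc01.example.com/DC=example,DC=com".
    public static void ChangeOwnPassword(string ldapPath, string userName,
        string oldPassword, string newPassword)
    {
        const AuthenticationTypes auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;
        using (DirectoryEntry root = new DirectoryEntry(ldapPath, userName, oldPassword, auth))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // With no filter, FindOne() returns the first object under the root, not the user.
            searcher.Filter = String.Format(
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
                EscapeLdapFilterValue(userName));
            SearchResult result = searcher.FindOne();
            if (result == null) throw new InvalidOperationException("User not found.");
            using (DirectoryEntry user = result.GetDirectoryEntry())
            {
                object native = user.NativeObject; // forces the bind; throws if invalid
                user.Invoke("ChangePassword", new object[] { oldPassword, newPassword });
            }
        }
    }
}
```

Errors raised by the invoked ADSI method, such as a password-policy rejection, arrive as a TargetInvocationException with the underlying COMException in InnerException.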

User contributions licensed under CC BY-SA 3.0