UserPrincipal.SetPassword throws 0x80070005 (E_ACCESSDENIED)

I have a Web API that runs in an IIS application pool with an elevated service account. This service account has privileges to set or change user passwords within specific OUs in Active Directory.

The API service account is able to set user passwords in OU1 but is not able to set user passwords in OU2. Change password works OK in both OUs.

Screenshot for service account permissions on OU2

The same piece of code is used to set the password regardless of OU.

UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(adContext, username);
userPrincipal.SetPassword("somepassword");
userPrincipal.Save();

The exception thrown is:

System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

c#
asp.net-web-api
active-directory
asked on Stack Overflow Aug 6, 2020 by joym8 • edited Aug 7, 2020 by joym8
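
An added diagnostic, not code from the original post: SetPassword needs the Reset Password extended right on the target user object itself, so this lists the ACEs on that object that allow or deny it and shows whether the object still inherits permissions from its OU. `adContext` and `username` are as in the question; the class and method names are hypothetical, and the caller is assumed to be able to read the object's DACL.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.AccessControl;
using System.Security.Principal;

static class ResetPasswordAclCheck   // hypothetical helper, not part of the question's code
{
    // Schema GUID of the "Reset Password" (User-Force-Change-Password) extended right.
    static readonly Guid ResetPassword = new Guid("00299570-246d-11d0-a768-00aa006e0529");

    // Prints every ACE on the user object that allows or denies a password reset.
    public static void Dump(PrincipalContext adContext, string username)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(adContext, username))
        {
            if (user == null) { Console.WriteLine("User not found: " + username); return; }

            var entry = (DirectoryEntry)user.GetUnderlyingObject();
            ActiveDirectorySecurity acl = entry.ObjectSecurity;

            Console.WriteLine("DN: " + user.DistinguishedName);
            // True means ACEs delegated on the parent OU do not flow down to this object.
            Console.WriteLine("Inheritance blocked: " + acl.AreAccessRulesProtected);

            foreach (ActiveDirectoryAccessRule ace in
                     acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                // GenericAll includes the ExtendedRight bit, so full-control ACEs match too.
                bool extended = (ace.ActiveDirectoryRights & ActiveDirectoryRights.ExtendedRight) != 0;
                // An empty ObjectType GUID means the ACE covers all extended rights.
                bool covers = ace.ObjectType == ResetPassword || ace.ObjectType == Guid.Empty;
                if (!extended || !covers) continue;

                Console.WriteLine("{0,-5} {1} inherited={2} scope={3}",
                    ace.AccessControlType, Name(ace.IdentityReference),
                    ace.IsInherited, ace.InheritanceType);
            }
        }
    }

    // Resolves a SID to DOMAIN\name where possible, otherwise returns the raw SID.
    static string Name(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }
}
```

Running it against one user in OU1 and one in OU2 shows whether the service account's ACE actually reaches the OU2 object, and whether a Deny entry or blocked inheritance sits in the way.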

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0