-
Feb 27th, 2013, 01:46 PM
#1
Thread Starter
Fanatic Member
Changing passwords in the Active Directory with a web app.
We need to change passwords in the Active Directory with a web app.
This functionality worked OK for us with classic ASP and IIS 6.
We are now switching to Windows Server 2008 and IIS 7.
We noticed when we did that, that there were issues with changing password, specifically that, apparently, the code is acting like the user that is making the password change is trying to do it with their own authority, and thus they get an access denied error. This seems to be the case since when some admins change their password it works, but for our test users it doesn't work anymore like it does on the IIS 6 server.
I know that IIS 7 is its own animal, and I am wondering if anyone has any ideas what the solution might be?
Here is the code we are trying to get to work. I realize the issue may not be the code but the IIS settings, but we have tried a number of things to no avail. For the users it fails with, it gets an access denied once it gets to the "Invoke" call, 2nd line from the last. Please let me know if any ideas. Thanks!
Jim
Code:
try
{
DirectorySearcher search = new DirectorySearcher(strLDAPDomain);
//search.Filter = "(&(sAMAccountName=" + strUserId + ")(mail=" + strEmail + "));sAMAccountName;subtree";//
search.Filter = "(&(sAMAccountName=" + strUserId + ")(mail=" + strEmail + "))"; //(mail=" + strEmail + ")
var propertiesToLoad = new[]
{
"SAMAccountName",
"mail"
};
search.PropertiesToLoad.AddRange(propertiesToLoad);
SearchResult searchEntry = search.FindOne();
if (searchEntry != null)
{
Random random = new Random();
string temp = "";
while (temp.Length<9)
{
temp = temp + ((char)('A' + random.Next(0, 25))).ToString();
temp = temp + ((char)('a' + random.Next(0, 25))).ToString();
temp = temp + ((char)('0' + random.Next(0, 9))).ToString();
temp = temp.Replace(".", "");
temp = temp.Replace("-", "");
}
try
{
DirectoryEntry myDirectoryEntry = new DirectoryEntry(@"WinNT://" + strDomain + "/" + strUserId + ", user");
myDirectoryEntry.RefreshCache();
myDirectoryEntry.Invoke("SetPassword", new object[] { temp });
myDirectoryEntry.CommitChanges();
-
Feb 27th, 2013, 04:31 PM
#2
Thread Starter
Fanatic Member
Re: Changing passwords in the Active Directory with a web app.
Please noboby get whiplash by responding too quick with a suggestion. :-)
Jim
-
Feb 28th, 2013, 10:51 AM
#3
Hyperactive Member
Re: Changing passwords in the Active Directory with a web app.
Is the context the web application running under allowed to change AD settings?
-
Feb 28th, 2013, 10:14 PM
#4
Thread Starter
Fanatic Member
Re: Changing passwords in the Active Directory with a web app.
What context should it be and how should we set it? Also, it is not currently a web application but an empty web page in c#.
Jim
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|