Change an Active Directory password in C#
Solution 1
I think the problem here is that your application does not have permission to update the password, which is correct!
The authorized method for granting the ASP.NET application permission to the directory is by way of either a privileged IIS Application Pool running under the identity of a service account or by way of a COM+ entity running under the identity of a service account.
Solution 2
The SetPassword command only works for admin users, as it forcibly sets a new password without having to know the existing password. Non-admin users would need to use ChangePassword, which does require that you also pass the existing password along with the new password.
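Following Solution 2, a sketch of the self-service path with System.DirectoryServices.AccountManagement, where the user supplies the current password and the code calls ChangePassword instead of SetPassword. This is an added example, not code from the question or the answers; the class name, the Outcome enum and the domain parameter are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class SelfServicePassword
{
    // Coarse result for the web layer, so directory error details are not echoed to the browser.
    public enum Outcome { Changed, InvalidInput, UserNotFound, RejectedByPolicy, Failed }

    // domain: the AD domain name (assumed parameter); username: the sAMAccountName.
    public static Outcome ChangeOwnPassword(string domain, string username,
                                            string currentPassword, string newPassword)
    {
        if (string.IsNullOrWhiteSpace(username) ||
            string.IsNullOrEmpty(currentPassword) ||
            string.IsNullOrEmpty(newPassword))
        {
            return Outcome.InvalidInput;
        }

        try
        {
            // ContextType.Domain targets Active Directory; ContextType.Machine
            // would look the account up in the local SAM of the web server.
            using (var ctx = new PrincipalContext(ContextType.Domain, domain))
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username))
            {
                if (user == null) return Outcome.UserNotFound;

                // ChangePassword takes the existing password along with the new one,
                // unlike SetPassword, which is an administrative reset.
                user.ChangePassword(currentPassword, newPassword);
                return Outcome.Changed;
            }
        }
        catch (PasswordException)
        {
            // The new password was rejected, for example by complexity requirements.
            return Outcome.RejectedByPolicy;
        }
        catch (PrincipalException)
        {
            // Any other directory failure. Log the exception type server-side only,
            // and never write either password to logs.
            return Outcome.Failed;
        }
    }
}
```

Keeping SetPassword behind a separate, admin-only code path means the highly privileged application pool identity is not needed for ordinary self-service changes.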
Nate B.
Updated on September 18, 2022
Comments
-
Nate B. almost 2 years
First, please forgive my English, it is not my mother tongue.
Then, here is my problem: I'm working on a web platform that manages the Active Directory. I can create, delete, edit a group, user, OU, and so on.
But. Yeah, but. When a connected user wants to change his own password with the platform, it fails. It comes from DirectoryEntry.Invoke.
I used the DirectoryServices.DirectoryEntry:
```csharp
directoryEntry.Invoke("SetPassword", password);
directoryEntry.CommitChanges();
```
So I tried System.DirectoryServices.AccountManagement, this way:
```csharp
PrincipalContext ctx = new PrincipalContext(ContextType.Machine);
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, Username);
user.SetPassword(password_);
user.Save();
```
Different way, same problem. This code works; it only fails when a user tries to edit his own password.
How can a connected user change his own password? Why this weird problem?
Any help would be greatly appreciated.
-
Sam Cogan over 12 years
Who is the application running as, how are you passing credentials? Is it actually the user who is trying to change the password or your service account (for example)?
-
Nate B. over 12 years
The web platform runs on a Windows 2008R2 server. The user passes his Windows credentials and tries to change them through the platform (as he can with the CTRL+ALT+DELETE option). Not sure I'm obvious :(
-
Nate B. over 12 years
I checked the topics about this kind of problem, and only found "SetPassword" or "ChangePassword". I'm okay with that. It works with the other users. But not if, for example, after connecting to the platform, I try to change my password.
-
Nate B. over 12 years
Finally, I've created an executable application that's run by IIS (more specifically by its default user, which is an admin user). My platform calls this app and changes the password for everyone.
-
Nate B. over 11 years
I should have answered this months ago. In the end, we had to use your solution. The identity behind the application pool (we use LocalSystem, which is closer to admin) runs everything (and editing passwords too). Now, everything runs perfectly. Thanks a lot!