Change an Active Directory password in C#


Solution 1

I think the problem here is that your application does not have permission to update the password, which is correct!

The authorized method for granting the ASP.NET application permission to the directory is by way of either a privileged IIS Application Pool running under the identity of a service account or by way of a COM+ entity running under the identity of a service account.

Solution 2

The SetPassword command only works for admin users, as it forcibly sets a new password without having to know the existing password. Non-admin users would need to use ChangePassword, which does require that you also pass the existing password along with the new password.
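The distinction drawn in Solution 2, as an added example that is not part of the original answers: a self-service change that relies on the old password, next to an administrative reset that relies on the privileges of the calling identity. The domain name `corp.example.com` and the class and method names are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class PasswordService
{
    // Hypothetical domain name (assumption); replace with your own.
    private const string Domain = "corp.example.com";

    // Self-service path: the change is authorized by knowledge of the old
    // password, so the calling identity does not need reset rights on the account.
    public static bool ChangeOwnPassword(string userName, string oldPassword, string newPassword)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
        {
            if (user == null)
                return false; // unknown account

            try
            {
                user.ChangePassword(oldPassword, newPassword);
                return true;
            }
            catch (PasswordException)
            {
                // Old password wrong, or new password rejected by domain policy.
                return false;
            }
        }
    }

    // Administrative path: forcibly sets a new password without the old one.
    // Succeeds only when the process identity (for example the application
    // pool's service account) is allowed to reset this user's password.
    public static void ResetPassword(string userName, string newPassword)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
        {
            if (user == null)
                throw new ArgumentException("Unknown user", nameof(userName));

            user.SetPassword(newPassword);
        }
    }
}
```

Routing a user's own change through `ChangeOwnPassword` keeps the privileged reset path for helpdesk-style operations only, which narrows what a compromised web front end can do with the service account.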

Author: Nate B.

Updated on September 18, 2022

Comments

  • Nate B.
    Nate B. almost 2 years

    At first, please forgive my English, it is not my mother tongue.

    Then, here is my problem: I'm working on a web platform that manages the Active Directory. I can create, delete, edit a group, user, OU, and so on.

    But. Yeah, but. When a connected user wants to change his own password with the platform, it fails. It comes from DirectoryEntry.Invoke.

    I used the DirectoryServices.DirectoryEntry:

    // SetPassword forcibly sets the password; the old password is not supplied
    directoryEntry.Invoke("SetPassword", password);
    directoryEntry.CommitChanges();
    

    So I tried System.DirectoryServices.AccountManagement, that way:

    // Look up the account, then reset its password without the old one
    PrincipalContext ctx = new PrincipalContext(ContextType.Machine);
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, Username);
    user.SetPassword(password_);
    user.Save();
    

    Different way, same problem. This code works; it only fails when a user tries to edit his own password.

    How can a connected user change his own password? Why this weird problem?

    I would be grateful for any help.

    • Sam Cogan
      Sam Cogan over 12 years
      Who is the application running as, and how are you passing credentials? Is it actually the user who is trying to change the password or your service account (for example)?
    • Nate B.
      Nate B. over 12 years
      The web platform runs on a Windows 2008R2 server. The user passes his Windows credentials and tries to change them through the platform (as he can with the CTRL+ALT+DELETE option). Not sure I'm obvious :(
    • Nate B.
      Nate B. over 12 years
      I checked the topics about this kind of problem, and only found "SetPassword" or "ChangePassword". I'm okay with that. It works with the other users. But not if, for example, after connecting to the platform, I try to change my password.
  • Nate B.
    Nate B. over 12 years
    Finally, I've created an executable application that is run by IIS (more specifically by its default user, which is an admin user). My platform calls this app and it changes the password for everyone.
  • Nate B.
    Nate B. over 11 years
    I should have answered this months ago. In the end, we had to use your solution. The identity behind the application pool (we use LocalSystem, which is closer to admin) runs everything (including password editing). Now, everything runs perfectly. Thanks a lot!