I got so involved with getting SSL to work I forgot that only the user can
change his own password.
1) setup CA and SSL on your DC(s)
2) set the .asp page to NOT allow anonymous (require that the user
authenticate prior to running the asp) - otherwise the asp runs as IUSER_XXX
or whatever and he doesn't have access to change another users password!!
3) use this sort of code:
UserID = Request.ServerVariables("LOGON_USER")
Pass = Request.ServerVariables("AUTH_PASSWORD")
Set oUser = GetObject("LDAP://CN=" & Request.ServerVariables("LOGON_USER") &
sNewPassword = request("txtNewPassword")
oUser.ChangePassword Pass, sNewPassword
Response.write("your password has been changed to " & sNewPassword)
This has worked for us.
CAVEAT - this does NOT work if the box is checked to 'require user to change
password at next logon'. When the user tries to authenticate to run the web
page, he can't run it until he changes his password. And he can't change
his password until he runs this code. The only way around that is to run
the code as a user with some kind of admin access and change the password
> Hi Blake, I have the exact same problem, I've spent days on it. Have you
> managed to get it working?
> > I have been battling with this problem for days now. Simply put, I need
> > web interface to allow users to change passwords in our AD. I am
> > with ASP, ADSI via VBS, all the web technologies OK. My problem is I
> > found a number of pieces of code on the web that look like this:
> > Set User = GetObject("LDAP://CN=bill,OU=test,DC=Testlu,DC=Edu")
> > user.ChangePassword strOldPassword, strNewPassword
> > Now, this makes sense to me - bind to the AD object and then change the
> > password. But this will NOT run as an ASP script. I get a very
> > non-descript error:
> > Error Type:
> > (0x80070056)
> > /test.asp, line 3
> > Line 3 is the .changepassword line. I am at a loss. I have gone
> > the steps of installing cert authority on our test DC, hoping the
> > was LDAP over SSL - that hasn't helped. I can BIND to the object, but
> > change the password. The ASP file is running in the context of a
> > (non-admin) user. Does anyone have any ideas?