ASP/ADSI change password in AD

ASP/ADSI change password in AD

Post by Blak » Fri, 30 May 2003 22:39:14



I have been battling with this problem for days now.  Simply put, I need a
web interface to allow users to change passwords in our AD.  I am familiar
with ASP, ADSI via VBS, all the web technologies OK.  My problem is I have
found a number of pieces of code on the web that look like this:

Set User = GetObject("LDAP://CN=bill,OU=test,DC=Testlu,DC=Edu")
user.ChangePassword strOldPassword, strNewPassword

Now, this makes sense to me - bind to the AD object and then change the
password.  But this will NOT run as an ASP script.  I get a very
non-descript error:

Error Type:
(0x80070056)
/test.asp, line 3

Line 3 is the .changepassword line.  I am at a loss.  I have gone through
the steps of installing cert authority on our test DC, hoping the problem
was LDAP over SSL - that hasn't helped.  I can BIND to the object, but can't
change the password.  The ASP file is running in the context of a standard
(non-admin) user.  Does anyone have any ideas?

 
 
 

ASP/ADSI change password in AD

Post by Jim » Sat, 31 May 2003 01:57:53


The easiest way I find is to use the IADsUser interface which has a
'SetPassword' method and after that method call the CommitChanges on the
directory enttry object....

Only in C#

//get the user directoryentry from the AD
DirectoryEntry user ...;
IADsUser adUser = (IADsUser) user .NativeObject;
adUser.SetPassword("Password");
user.CommitChanges();

HTH

Ollie

PS youi will need to import the required AD libraries


Quote:> I have been battling with this problem for days now.  Simply put, I need a
> web interface to allow users to change passwords in our AD.  I am familiar
> with ASP, ADSI via VBS, all the web technologies OK.  My problem is I have
> found a number of pieces of code on the web that look like this:

> Set User = GetObject("LDAP://CN=bill,OU=test,DC=Testlu,DC=Edu")
> user.ChangePassword strOldPassword, strNewPassword

> Now, this makes sense to me - bind to the AD object and then change the
> password.  But this will NOT run as an ASP script.  I get a very
> non-descript error:

> Error Type:
> (0x80070056)
> /test.asp, line 3

> Line 3 is the .changepassword line.  I am at a loss.  I have gone through
> the steps of installing cert authority on our test DC, hoping the problem
> was LDAP over SSL - that hasn't helped.  I can BIND to the object, but
can't
> change the password.  The ASP file is running in the context of a standard
> (non-admin) user.  Does anyone have any ideas?


 
 
 

ASP/ADSI change password in AD

Post by Chri » Fri, 20 Jun 2003 02:20:15


Hi Blake, I have the exact same problem, I've spent days on it. Have you
managed to get it working?

Regs
Chris


Quote:> I have been battling with this problem for days now.  Simply put, I need a
> web interface to allow users to change passwords in our AD.  I am familiar
> with ASP, ADSI via VBS, all the web technologies OK.  My problem is I have
> found a number of pieces of code on the web that look like this:

> Set User = GetObject("LDAP://CN=bill,OU=test,DC=Testlu,DC=Edu")
> user.ChangePassword strOldPassword, strNewPassword

> Now, this makes sense to me - bind to the AD object and then change the
> password.  But this will NOT run as an ASP script.  I get a very
> non-descript error:

> Error Type:
> (0x80070056)
> /test.asp, line 3

> Line 3 is the .changepassword line.  I am at a loss.  I have gone through
> the steps of installing cert authority on our test DC, hoping the problem
> was LDAP over SSL - that hasn't helped.  I can BIND to the object, but
can't
> change the password.  The ASP file is running in the context of a standard
> (non-admin) user.  Does anyone have any ideas?

 
 
 

ASP/ADSI change password in AD

Post by Blak » Sat, 05 Jul 2003 04:16:57


I got so involved with getting SSL to work I forgot that only the user can
change his own password.

1) setup CA and SSL on your DC(s)
2) set the .asp page to NOT allow anonymous (require that the user
authenticate prior to running the asp) - otherwise the asp runs as IUSER_XXX
or whatever and he doesn't have access to change another users password!!
3) use this sort of code:

<%
UserID =  Request.ServerVariables("LOGON_USER")
Pass = Request.ServerVariables("AUTH_PASSWORD")
Set oUser = GetObject("LDAP://CN=" & Request.ServerVariables("LOGON_USER") &
",OU=test,DC=Testlu,DC=Edu")
sNewPassword = request("txtNewPassword")
oUser.ChangePassword Pass, sNewPassword
Response.write("your password has been changed to " & sNewPassword)
%>

This has worked for us.

CAVEAT - this does NOT work if the box is checked to 'require user to change
password at next logon'.  When the user tries to authenticate to run the web
page, he can't run it until he changes his password.  And he can't change
his password until he runs this code.  The only way around that is to run
the code as a user with some kind of admin access and change the password
that way.

Good luck!
Blake

> Hi Blake, I have the exact same problem, I've spent days on it. Have you
> managed to get it working?

> Regs
> Chris



> > I have been battling with this problem for days now.  Simply put, I need
a
> > web interface to allow users to change passwords in our AD.  I am
familiar
> > with ASP, ADSI via VBS, all the web technologies OK.  My problem is I
have
> > found a number of pieces of code on the web that look like this:

> > Set User = GetObject("LDAP://CN=bill,OU=test,DC=Testlu,DC=Edu")
> > user.ChangePassword strOldPassword, strNewPassword

> > Now, this makes sense to me - bind to the AD object and then change the
> > password.  But this will NOT run as an ASP script.  I get a very
> > non-descript error:

> > Error Type:
> > (0x80070056)
> > /test.asp, line 3

> > Line 3 is the .changepassword line.  I am at a loss.  I have gone
through
> > the steps of installing cert authority on our test DC, hoping the
problem
> > was LDAP over SSL - that hasn't helped.  I can BIND to the object, but
> can't
> > change the password.  The ASP file is running in the context of a
standard
> > (non-admin) user.  Does anyone have any ideas?