Cant SET 'user cant change password' AND 'password never expires'

Cant SET 'user cant change password' AND 'password never expires'

Post by Paul » Thu, 07 Feb 2002 21:13:40



I've sort of figured this problem out now, but something strange is
happening and i am interested to know why this certain peice of code doesnt
work.  The comments in the code explain.

set objUser = GetObject("WinNT://DOMAINNAME/" & sUserName & ",user")
nUserFlags = objUser.Get("UserFlags")
'########################
'###### this code doesnt work
' set user cant change password
'objUser.Put "UserFlags", nUserFlags OR &H00040
' set password never expires
'objUser.Put "UserFlags", nUserFlags OR &H10000
'objUser.SetInfo
'########################

'########################
'###### this code does work
' set user cant change password  and set password never expires
'objUser.Put "UserFlags", nUserFlags OR &H00040 OR &H10000
'objUser.SetInfo
'########################

I used the code here to help:
http://www.15seconds.com/issue/011127.htm
So it should be possible not to do all on one line.  btw there is a bug in
that code - he forgot to put in a .setinfo so looks like it was never
tested?  I have tried putting in XOR's like the author suggests (but doesnt
actually do!) and it makes no difference.

Thanks,

Paul

 
 
 

Cant SET 'user cant change password' AND 'password never expires'

Post by Max L. Vaug » Thu, 07 Feb 2002 22:16:21


Looking at the code....

########################
'###### this code doesnt work
' set user cant change password
'objUser.Put "UserFlags", nUserFlags OR &H00040
' set password never expires
'objUser.Put "UserFlags", nUserFlags OR &H10000
'objUser.SetInfo

Only the &H10000 bit would have been added because the base for the OR is the same variable (nUserFlags).  The cache would store the last change.  

There is no way for this code to work as it is written.

Sincerely,
Max Vaughn [MS]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

 
 
 

Cant SET 'user cant change password' AND 'password never expires'

Post by Paul » Thu, 07 Feb 2002 22:37:09




Quote:> Looking at the code....

> ########################
> '###### this code doesnt work
> ' set user cant change password
> 'objUser.Put "UserFlags", nUserFlags OR &H00040
> ' set password never expires
> 'objUser.Put "UserFlags", nUserFlags OR &H10000
> 'objUser.SetInfo

> Only the &H10000 bit would have been added because the base for the OR is

the same variable (nUserFlags).  The cache would store the last change.

Quote:

> There is no way for this code to work as it is written.

Yes, makes sense now.  The code on 15seconds would therefore work in some
circumstances, but not all the time.
Thanks.
 
 
 

Cant SET 'user cant change password' AND 'password never expires'

Post by Ronan de Macedo Cout » Fri, 08 Feb 2002 00:41:27


Please, I dont understand all!!!
I made the folowing code and it doesnt work, I receved the message: The
Active Directory property could not be found in cache.
Look to the code:

Set usr = OU_Cooperativas.Create("user", "CN=Teste da Silva")

usr.Put "samAccountName", "TesteS"

usr.Put "title", "Usurio"
usr.SetInfo

usr.SetPassword "testado"
usr.AccountDisabled = False
'User flags
usr.Put "userFlags", usr.Get("UserFlags") Or &H10000
usr.SetInfo

What is wrong where is the error?

Thanks in advance!!!

Ronan





> > Looking at the code....

> > ########################
> > '###### this code doesnt work
> > ' set user cant change password
> > 'objUser.Put "UserFlags", nUserFlags OR &H00040
> > ' set password never expires
> > 'objUser.Put "UserFlags", nUserFlags OR &H10000
> > 'objUser.SetInfo

> > Only the &H10000 bit would have been added because the base for the OR
is
> the same variable (nUserFlags).  The cache would store the last change.

> > There is no way for this code to work as it is written.

> Yes, makes sense now.  The code on 15seconds would therefore work in some
> circumstances, but not all the time.
> Thanks.

 
 
 

Cant SET 'user cant change password' AND 'password never expires'

Post by Marc Scheune » Sat, 09 Feb 2002 02:51:41


On Wed, 6 Feb 2002 12:41:27 -0300, "Ronan de Macedo Couto"


>I made the folowing code and it doesnt work, I receved the message: The
>Active Directory property could not be found in cache.
>usr.Put "userFlags", usr.Get("UserFlags") Or &H10000

It means that the "UserFlags" property is not yet in the property
cache.

Two things you can do:

1) Read all the user info first, with a call to .GetInfo

2) The attribute you're trying to get might really not have been
initialized at all - it contains no value, hence when you query for
it, it'll say "property not found in cache" - in that case, you can
still *SET* it (.Put ......)/

Marc

 
 
 

Cant SET 'user cant change password' AND 'password never expires'

Post by Max L. Vaug » Sat, 02 Mar 2002 00:24:53


In the LDAP world, UserFlags maps to UserAccountControl.  You will need to use the UserAccountControl attribute.  See the following link for additional
information about LDAP and IADsUser attribute mappings:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netd...

Sincerely,
Max Vaughn [MS]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

 
 
 

1. Changing a user password who has 'Change Password at next Logon' flagged

Hi,

I'm trying to change the password of a user using VB and ADSI with the
LDAP provider. The VB is built as a COM component and running as a
server application and has an identity set to a user account with
administrative rights.
The method call is from an ASP page where a user types in the relevant
information to change their password.

My code in brief is as below :

    strUserPath = "LDAP://" & strDomain & "/CN=" & UserName & "," &
strContainer
    Set objUser = GetObject(strUserPath)

    objUser.ChangePassword OldPassword, NewPassword

which results in the following error :

    Error Number : -2147023545 (0x80070547)

    Description : Automation error

    Configuration information could not be read from the domain
controller,     either because the machine is unavailable, or access
has been denied.

The security error that occurs on the DC is as follows :

Event Type:     Failure Audit
Event Source:   Security
Event Category: Account Logon
Event ID:       681
Date:           04/02/2003
Time:           10:12:47
User:           NT AUTHORITY\SYSTEM
Computer:       CRISDVLPDC
Description:
The logon to account: 100099
 by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 from workstation: GBCRISS193
 failed. The error code was: 3221226020

The error code translates to User Logon with 'Change Password at Next
Logon' Flagged.

This works no problem with the WinNT provider but I have to use the
LDAP provider.

Any thoughts or suggestions are most welcome

Paul Jackson

2. Help needed in MSKermit to CKermit conversion

3. Change 'Administrator' password in 'Active Directory users'

4. Optical Note Recognition/Optical Music Recognition?

5. How to set 'Password Never Expires' attribute with ADSI?

6. Hyperion to change AmigaOS4 to Windows philosophy?

7. cant get 'nis homedir' and 'homedir map' to work

8. ToDo in Datebook

9. Remove 'User cannot change Password' in AD

10. Cant Load 'Manage Server'

11. How do I change the 'smsschm_user' password?

12. Some Win95 clients cant see the Samba Servers in 'Entire Network'

13. Server Error: Cant initialize 'browser'