Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



How to set "User Cannot Change Password" either via .NET or ADSI

Active Directory


Reply
 
Thread Tools Search this Thread
  #1  
Old 25-01-2010
Member
 
Join Date: Jan 2010
Posts: 1
How to set "User Cannot Change Password" either via .NET or ADSI

I need to be able to set the "User Cannot Change Password" for AD users which I create from a Python script, but I'm not quite sure how to do this. If someone could please post a working example of how to do this either via the .NET DirectoryServices (preferably in C#) or the ADSI interfaces, I'd be very grateful!

Reply With Quote
  #2  
Old 28-05-2011
Member
 
Join Date: Feb 2011
Posts: 97
Re: How to set "User Cannot Change Password" either via .NET or ADSI

Hey i am not a programmer but still i have found something for you and i hope that it will help you to solve your issue. But keep on thing in mind that this program will just help you to create your own so make changes possible and try it out but be careful and consult a concerned or official person regarding the program.


Code:
$User = $(throw ?$User is Required?,[switch]$CheckBox)
Write-Host

$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(&(objectcategory=User)(sAMAccountName=$user))")
$MyUser = $Searcher.FindOne().GetDirectoryEntry()

if(!$?){" !! Failed to Get User !!";Return}

if($CheckBox)
{
    Write-Host " ? Checking Box for User [$($MyUser.distinguishedName)]"
    $self = [System.Security.Principal.SecurityIdentifier]?S-1-5-10′
    $ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $deny = [System.Security.AccessControl.AccessControlType]::Deny
    $selfDeny = new-object System.DirectoryServices.ActiveDirectoryAccessRule($self,$ExtendedRight,$deny,?ab721a53-1e2f-11d0-9819-00aa0040529b?)
    $MyUser.psbase.get_ObjectSecurity().AddAccessRule($selfDeny)
    $MyUser.psbase.CommitChanges()
}
else
{
    Write-Host " ? Removing Check Box for User [$($MyUser.distinguishedName)]"
    $ACL = $MyUser.psbase.get_ObjectSecurity().GetAccessRules($true,$false, [System.Security.Principal.NTAccount])
    $ACEs = $ACL | ?{($_.ObjectType -eq ?ab721a53-1e2f-11d0-9819-00aa0040529b?) -and ($_.AccessControlType -eq ?Deny?)}
    foreach($ACE in $ACEs){if($ACE){[void]$MyUser.psbase.get_ObjectSecurity().RemoveAccessRule($ACE)}}
    $MyUser.psbase.CommitChanges()
}

Write-Host
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "How to set "User Cannot Change Password" either via .NET or ADSI"
Thread Thread Starter Forum Replies Last Post
Getting error while accessing Gmail on Iphone, "incorrect user name and password" Pujar Portable Devices 3 04-09-2011 08:06 AM
Unable to delegate "Reset user passwords and force password change atnext logon" Billie Windows Security 3 29-05-2011 01:45 AM
iPhone Error:"The user name or password for pop3.live.com is incorrect" Aapti Windows Software 3 16-08-2010 12:39 PM
ADSI and VB 2008 Error "Cannot Create ActiveX Component" Mysteria Software Development 3 22-05-2009 11:30 AM
DCOM got error "Logon failure: unknown user name or bad password." Chitesh Small Business Server 2 03-10-2006 06:04 AM


All times are GMT +5.5. The time now is 10:52 AM.