Results 1 to 2 of 2

Thread: How to set "User Cannot Change Password" either via .NET or ADSI

  1. #1
    Join Date
    Jan 2010

    How to set "User Cannot Change Password" either via .NET or ADSI

    I need to be able to set the "User Cannot Change Password" for AD users which I create from a Python script, but I'm not quite sure how to do this. If someone could please post a working example of how to do this either via the .NET DirectoryServices (preferably in C#) or the ADSI interfaces, I'd be very grateful!

  2. #2
    Join Date
    Feb 2011

    Re: How to set "User Cannot Change Password" either via .NET or ADSI

    Hey i am not a programmer but still i have found something for you and i hope that it will help you to solve your issue. But keep on thing in mind that this program will just help you to create your own so make changes possible and try it out but be careful and consult a concerned or official person regarding the program.

    $User = $(throw ‘$User is Required’,[switch]$CheckBox)
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(&(objectcategory=User)(sAMAccountName=$user))")
    $MyUser = $Searcher.FindOne().GetDirectoryEntry()
    if(!$?){" !! Failed to Get User !!";Return}
        Write-Host " – Checking Box for User [$($MyUser.distinguishedName)]"
        $self = [System.Security.Principal.SecurityIdentifier]‘S-1-5-10′
        $ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
        $deny = [System.Security.AccessControl.AccessControlType]::Deny
        $selfDeny = new-object System.DirectoryServices.ActiveDirectoryAccessRule($self,$ExtendedRight,$deny,‘ab721a53-1e2f-11d0-9819-00aa0040529b’)
        Write-Host " – Removing Check Box for User [$($MyUser.distinguishedName)]"
        $ACL = $MyUser.psbase.get_ObjectSecurity().GetAccessRules($true,$false, [System.Security.Principal.NTAccount])
        $ACEs = $ACL | ?{($_.ObjectType -eq ‘ab721a53-1e2f-11d0-9819-00aa0040529b’) -and ($_.AccessControlType -eq ‘Deny’)}
        foreach($ACE in $ACEs){if($ACE){[void]$MyUser.psbase.get_ObjectSecurity().RemoveAccessRule($ACE)}}

Similar Threads

  1. Replies: 3
    Last Post: 04-09-2011, 08:06 AM
  2. Replies: 3
    Last Post: 29-05-2011, 01:45 AM
  3. Replies: 3
    Last Post: 16-08-2010, 12:39 PM
  4. ADSI and VB 2008 Error "Cannot Create ActiveX Component"
    By Mysteria in forum Software Development
    Replies: 3
    Last Post: 22-05-2009, 11:30 AM
  5. DCOM got error "Logon failure: unknown user name or bad password."
    By Chitesh in forum Small Business Server
    Replies: 2
    Last Post: 03-10-2006, 06:04 AM

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Page generated in 1,685,703,069.89684 seconds with 17 queries