Results 1 to 2 of 2

Thread: How to set "User Cannot Change Password" either via .NET or ADSI

  1. #1
    Join Date
    Jan 2010
    Posts
    1

    How to set "User Cannot Change Password" either via .NET or ADSI

    I need to be able to set the "User Cannot Change Password" for AD users which I create from a Python script, but I'm not quite sure how to do this. If someone could please post a working example of how to do this either via the .NET DirectoryServices (preferably in C#) or the ADSI interfaces, I'd be very grateful!

  2. #2
    Join Date
    Feb 2011
    Posts
    97

    Re: How to set "User Cannot Change Password" either via .NET or ADSI

    Hey i am not a programmer but still i have found something for you and i hope that it will help you to solve your issue. But keep on thing in mind that this program will just help you to create your own so make changes possible and try it out but be careful and consult a concerned or official person regarding the program.


    Code:
    $User = $(throw ‘$User is Required’,[switch]$CheckBox)
    Write-Host
    
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"","(&(objectcategory=User)(sAMAccountName=$user))")
    $MyUser = $Searcher.FindOne().GetDirectoryEntry()
    
    if(!$?){" !! Failed to Get User !!";Return}
    
    if($CheckBox)
    {
        Write-Host " – Checking Box for User [$($MyUser.distinguishedName)]"
        $self = [System.Security.Principal.SecurityIdentifier]‘S-1-5-10′
        $ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
        $deny = [System.Security.AccessControl.AccessControlType]::Deny
        $selfDeny = new-object System.DirectoryServices.ActiveDirectoryAccessRule($self,$ExtendedRight,$deny,‘ab721a53-1e2f-11d0-9819-00aa0040529b’)
        $MyUser.psbase.get_ObjectSecurity().AddAccessRule($selfDeny)
        $MyUser.psbase.CommitChanges()
    }
    else
    {
        Write-Host " – Removing Check Box for User [$($MyUser.distinguishedName)]"
        $ACL = $MyUser.psbase.get_ObjectSecurity().GetAccessRules($true,$false, [System.Security.Principal.NTAccount])
        $ACEs = $ACL | ?{($_.ObjectType -eq ‘ab721a53-1e2f-11d0-9819-00aa0040529b’) -and ($_.AccessControlType -eq ‘Deny’)}
        foreach($ACE in $ACEs){if($ACE){[void]$MyUser.psbase.get_ObjectSecurity().RemoveAccessRule($ACE)}}
        $MyUser.psbase.CommitChanges()
    }
    
    Write-Host

Similar Threads

  1. Replies: 3
    Last Post: 04-09-2011, 08:06 AM
  2. Replies: 3
    Last Post: 29-05-2011, 01:45 AM
  3. Replies: 3
    Last Post: 16-08-2010, 12:39 PM
  4. ADSI and VB 2008 Error "Cannot Create ActiveX Component"
    By Mysteria in forum Software Development
    Replies: 3
    Last Post: 22-05-2009, 11:30 AM
  5. DCOM got error "Logon failure: unknown user name or bad password."
    By Chitesh in forum Small Business Server
    Replies: 2
    Last Post: 03-10-2006, 06:04 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,673,583.20269 seconds with 17 queries