Hello everyone,
I have an ASP page on which Active Directory users can change their AD password. However they can only use it as long as their password isn't expired.
When their password is expired, they can't change it anymore.
I've run some tests, and I've noticed that only people in our domain-administrator group can change their password if it is expired.
Does anybody know how this problem can be solved? Placing all users in the domain-admin group is not an option.
Here is the script :
using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.DirectoryServices;
using System.Text;
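/// <summary>
/// Self-service page that lets an Active Directory user change their own
/// password. The directory lookup is performed with a dedicated service
/// account; the password change itself is invoked with the old and new
/// passwords typed in by the user.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
    private static String DOMAIN_PREFIX = "LDAP://";
    private static String DOMAIN = " °°°°°°°°°";
    /* This is a user that is especially created for this service */
    private static String SERVICE_USER = "change_password";
    // NOTE(review): the service account's password is compiled into the page.
    // Anyone with read access to the source or the deployed assembly can
    // recover it; consider loading it from protected configuration instead.
    private static String SERVICE_PASSWORD = " °°°°°°°°°°";

    /// <summary>
    /// Clears the status label and pre-fills the domain field on every request.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        LabelMessage.Text = "";
        TextBoxDomain.Text = DOMAIN;
    }

    /// <summary>
    /// Validates the form fields and, when they are all present and the two
    /// new-password entries match, hands the values to
    /// <see cref="changePassword"/>. Validation failures are shown as an HTML
    /// list in <c>LabelMessage</c> and no directory call is made.
    /// </summary>
    protected void ChangeButton_Click(object sender, EventArgs e)
    {
        LabelMessage.Text = "";
        StringBuilder errors = new StringBuilder();

        if (String.IsNullOrEmpty(TextBoxDomain.Text))
        {
            errors.AppendLine("<li>Please fill in your domain.</li>");
        }
        if (String.IsNullOrEmpty(TextBoxUserName.Text))
        {
            errors.AppendLine("<li>Please fill in your username.</li>");
        }
        if (String.IsNullOrEmpty(TextBoxOldPassword.Text))
        {
            errors.AppendLine("<li>Please fill in your old password.</li>");
        }
        if (String.IsNullOrEmpty(TextBoxNewPassword.Text))
        {
            errors.AppendLine("<li>Please fill in your new password.</li>");
        }
        if (String.IsNullOrEmpty(TextBoxNewPasswordAgain.Text))
        {
            errors.AppendLine("<li>Please fill in your new password again.</li>");
        }

        // Only compare the two entries once every field is known to be filled in.
        if (errors.Length == 0 && !TextBoxNewPassword.Text.Equals(TextBoxNewPasswordAgain.Text))
        {
            errors.AppendLine("<li>Both new passwords should be equal.</li>");
        }

        if (errors.Length != 0)
        {
            // The validation messages are fixed strings, so emitting them as
            // markup is safe; no user input is echoed here.
            errors.Insert(0, "<p>You password isn't changed!</p><ul>");
            errors.AppendLine("</ul>");
            LabelMessage.Text = errors.ToString();
            LabelMessage.CssClass = "fail";
            return;
        }

        String username = TextBoxUserName.Text;
        String oldPassword = TextBoxOldPassword.Text;
        String newPassword = TextBoxNewPassword.Text;
        // NOTE(review): the bind target is built from the TextBoxDomain control
        // and the service account's credentials are presented to that target.
        // Page_Load resets the control to DOMAIN on each request; confirm the
        // value can never be steered to a host outside the intended domain.
        String domain = DOMAIN_PREFIX + TextBoxDomain.Text;

        changePassword(domain, username, oldPassword, newPassword);
    }

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515), so
    /// that characters such as <c>*</c>, <c>(</c> and <c>)</c> typed into the
    /// username field are matched literally instead of altering the filter.
    /// </summary>
    /// <param name="value">Raw value taken from user input.</param>
    /// <returns>The value with filter metacharacters hex-escaped.</returns>
    private static String EscapeLdapFilterValue(String value)
    {
        StringBuilder escaped = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    /// <summary>
    /// Looks the account up by sAMAccountName using the service account and
    /// invokes <c>ChangePassword</c> on the entry that was found. The outcome
    /// is reported through <c>LabelMessage</c>; exceptions are caught and
    /// their message is shown to the user rather than rethrown.
    /// </summary>
    /// <param name="domain">ADSI path of the directory to bind to.</param>
    /// <param name="username">sAMAccountName typed in by the user.</param>
    /// <param name="oldPassword">The user's current password.</param>
    /// <param name="newPassword">The password to set.</param>
    private void changePassword(String domain, String username, String oldPassword, String newPassword)
    {
        try
        {
            // DirectoryEntry and DirectorySearcher hold directory connections;
            // dispose them deterministically instead of waiting for the GC.
            using (DirectoryEntry root = new DirectoryEntry(domain, SERVICE_USER, SERVICE_PASSWORD))
            using (DirectorySearcher ds = new DirectorySearcher(root))
            {
                ds.CacheResults = false;
                ds.SearchScope = SearchScope.Subtree;
                // The username is untrusted input: escape it so it cannot widen
                // or rewrite the search filter.
                ds.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(username) + "))";

                SearchResult res = ds.FindOne();
                if (res == null)
                {
                    throw new Exception("User not found in this domain.");
                }

                // The entry returned here reuses the searcher root's
                // credentials, i.e. the call below runs under the service
                // account's bind, not the end user's.
                using (DirectoryEntry user = res.GetDirectoryEntry())
                {
                    if (user == null)
                    {
                        throw new Exception("User not found.");
                    }
                    user.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
                }
            }

            LabelMessage.Text = "Your password is changed!";
            LabelMessage.CssClass = "success";
        }
        catch (Exception e)
        {
            // Invoke wraps the directory's error; show the underlying cause.
            Exception shown = e.InnerException ?? e;

            // Label.Text is rendered as raw HTML, so the message is encoded
            // before being placed in the page.
            // NOTE(review): raw directory error text still reveals whether an
            // account exists; consider a generic message plus server-side logging.
            LabelMessage.Text = "<p>Please try again!</p><p>" + HttpUtility.HtmlEncode(shown.Message) + "</p>";
            LabelMessage.CssClass = "fail";
        }
    }
}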
Thanks in Advance,
Tim