I have been searching around for quite some time now how to set/change a password and revoke/restore a user but have yet to find a solution that actually works for me.
I am beginning to lean towards the fact that I am crossing domains as the problem, even though I can programmatically create/delete/update and even connect/disconnect users from groups.
Basically, I've tried the following ways:
    DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, adUserName, adPassword);
    account.Invoke("SetPassword", "Password1");
    account.Properties["LockOutTime"].Value = 0;
    account.CommitChanges();
And also
    account.Invoke("SetPassword", new object[] { "Password1" });
They both ultimately throw the error "One or more input parameters are invalid\r\n"
I then have tried to use the .NET 3.5 approach using principal context.
    using (var context = new PrincipalContext(ContextType.Domain, adHostname, myContainer, ContextOptions.SimpleBind, adUserName, adPassword))
    {
        using (var user = UserPrincipal.FindByIdentity(context, account.Properties["sAMAccountName"].Value.ToString()))
        {
            user.SetPassword(password);
        }
    }
This approach is also throwing the same error as above. If I switch some things around (I can't seem to remember all the combinations I've tried), it will sometimes throw a "Local error has occurred" COM Exception.
Any help is much appreciated.
    using System.DirectoryServices.Protocols;
    using System.Net;
    using System.Text;

    // _adHostname, _adUserName, _adPassword and accountDN are supplied by the caller.
    LdapDirectoryIdentifier identifier = new LdapDirectoryIdentifier(_adHostname, 636);
    NetworkCredential credential = new NetworkCredential(_adUserName, _adPassword);
    string password = "MyRandomComplexPassword";
    using (LdapConnection connection = new LdapConnection(identifier, credential))
    {
        // Port 636 with SecureSocketLayer = true means LDAPS; AD only accepts unicodePwd writes over an encrypted channel.
        connection.SessionOptions.SecureSocketLayer = true;
        // This handler accepts any server certificate, so the server is not authenticated;
        // omit it to keep the default certificate validation.
        connection.SessionOptions.VerifyServerCertificate += delegate { return true; };
        connection.AuthType = AuthType.Basic;
        connection.Bind(credential);
        // unicodePwd must be the password wrapped in double quotes and encoded as UTF-16LE.
        DirectoryAttributeModification modPwd = new DirectoryAttributeModification();
        modPwd.Operation = DirectoryAttributeOperation.Replace;
        modPwd.Name = "unicodePwd";
        modPwd.Add(Encoding.Unicode.GetBytes("\"" + password + "\""));
        DirectoryAttributeModification[] dMods = new DirectoryAttributeModification[1];
        dMods[0] = modPwd;
        ModifyRequest modReq = new ModifyRequest(accountDN, dMods);
        DirectoryResponse pwdModResponse;
        pwdModResponse = connection.SendRequest(modReq);
    }
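The same LDAPS reset with the server certificate actually checked, as an added example that is not part of the original answer. The class name AdPasswordReset, its method names and the pinnedThumbprint parameter are hypothetical; when no thumbprint is passed, the callback is left unset so the platform's default certificate validation applies.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class AdPasswordReset   // hypothetical helper, not from the page
{
    // AD accepts unicodePwd only as the double-quoted password encoded as UTF-16LE.
    public static byte[] EncodeUnicodePwd(string password) =>
        Encoding.Unicode.GetBytes("\"" + password + "\"");

    // pinnedThumbprint == null: keep the default certificate validation.
    // Otherwise accept only the certificate with that SHA-1 thumbprint
    // (for example a domain controller certificate from an internal CA).
    public static void Reset(string host, NetworkCredential admin, string userDn,
                             string newPassword, bool unlock, string pinnedThumbprint = null)
    {
        var id = new LdapDirectoryIdentifier(host, 636);
        using (var conn = new LdapConnection(id, admin, AuthType.Basic))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;   // LDAPS, required for unicodePwd
            if (pinnedThumbprint != null)
                conn.SessionOptions.VerifyServerCertificate = (c, cert) =>
                    string.Equals(new X509Certificate2(cert).Thumbprint, pinnedThumbprint,
                                  StringComparison.OrdinalIgnoreCase);
            conn.Bind();

            var pwd = new DirectoryAttributeModification
                { Name = "unicodePwd", Operation = DirectoryAttributeOperation.Replace };
            pwd.Add(EncodeUnicodePwd(newPassword));
            var request = new ModifyRequest(userDn, pwd);
            if (unlock)   // clear the lockout in the same modify request
            {
                var lockout = new DirectoryAttributeModification
                    { Name = "lockoutTime", Operation = DirectoryAttributeOperation.Replace };
                lockout.Add("0");
                request.Modifications.Add(lockout);
            }
            var response = (ModifyResponse)conn.SendRequest(request);
            if (response.ResultCode != ResultCode.Success)
                throw new InvalidOperationException("Modify failed: " + response.ResultCode);
        }
    }
}
```

The bind account needs the reset-password right on the target user; a certificate mismatch surfaces as an LdapException from Bind() rather than a silent downgrade.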
You can't change the machine account password by using the Active Directory Users and Computers snap-in. But you can reset the password by using the Netdom.exe tool.
Run Command Prompt as an administrator, or start Windows 10 in safe mode with Command Prompt at the login screen. Type net user /domain USERNAME NEWPASS. Replace USERNAME and NEWPASS with the actual username and a new password for this user.
Microsoft Management Console (MMC)
Step 1: Log in to the Active Directory server as an Administrator. Step 4: Right-click on the user account and click on “Reset Password”. The next window allows you to type in a new password with the confirmation.
As an Administrator, start an elevated command line. List the domain user accounts. Change the password of a domain user. Optionally, use this command. Enter the requested information. In our example, we configured the password of a domain account named GOHAN. Congratulations! You are able to change a domain user password using the command-line.
Firstly let’s look at the most common built-in tools/methods: Active Directory Users and Computers – A nice GUI that’s been around since the dawn of AD is the most commonly used tool. You simply right-click on a user account, select reset password, and providing you have the correct privileges on that account, you can reset the password.
If you want to change the local Administrator password on all domain computers at once, you might just edit the Default Domain Policy because that applies to all computers in the domain. Right-click Local Users and Groups, click New, and then Local User. In the New Local User Properties dialog box, for User Name, type Administrator.
You can rename the Administrator account on every domain computer, as in this example, and you can specify the new password.
"new DirectoryEntry" does not bind the user account. The user needs to be searched for before setting the password, like this:
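    // Null credentials bind as the current Windows identity over a signed and sealed connection.
    DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, null, null, AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing);
    DirectorySearcher search = new DirectorySearcher(account);
    search.Filter = "(&(objectClass=user)(sAMAccountName=" + adUserName + "))";
    // FindOne() returns null when nothing matches the filter.
    SearchResult result = search.FindOne();
    if (result == null)
        throw new InvalidOperationException("User not found: " + adUserName);
    account = result.GetDirectoryEntry();
    account.Invoke("SetPassword", "Password1");
    account.Properties["LockOutTime"].Value = 0;
    account.CommitChanges();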