LDAP SetPassword Access is Denied

Question

the following code was working for 3 months without any problems. Since today I am getting the following error; “Exception has been thrown by the target of an invocation” and the inner exception; "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)"

The authentication function works. Here are my functions;

public bool Authenticate(string strUserName, string strPassword)
    {
        bool authenticated = false;
        using (
                var entry = new DirectoryEntry("LDAP://myldapserver", strUserName + "@domain", strPassword,
                                               AuthenticationTypes.Secure))
        {
            try
            {
                object nativeObject = entry.NativeObject;
                authenticated = true;
            }
            catch (DirectoryServicesCOMException ex)
            {
                return false;
            }

        }
        return authenticated;
    }

And the ChangePassword Method;

   public bool ChangePassword(string strUserName, string strOldPassword, string strNewPassword)
    {
        const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
        const long ADS_OPTION_PASSWORD_METHOD = 7;
        const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
        const int ADS_PASSWORD_ENCODE_CLEAR = 1;
        string strPort = "636";
        int intPort;
        intPort = Int32.Parse(strPort);

        try
        {
            string strUserString = "domain" + @"\" + strUserName.Trim();

            var entry = new DirectoryEntry("LDAP://myldapserver", strUserString, strOldPassword,
                                           AuthenticationTypes.Secure);
            var search = new DirectorySearcher(entry);
            string strFilter = "(SAMAccountName=" + strUserName + ")";
            search.Filter = strFilter;
            SearchResult result = search.FindOne();
            DirectoryEntry user = result.GetDirectoryEntry();

            user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, intPort });
            user.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR });
            **user.Invoke("SetPassword", new object[] { strNewPassword });**
            user.CommitChanges();
            user.Close();
        }

        catch (Exception exception)
        {
            string msg = exception.InnerException.Message;
            return false;
        }
        return true;
    }

It throws the expcetion when I invoke the SetPassword property. Any help would be greatly appreciated.

Answer 1

Here is the example:-

PrincipalContext pr = new PrincipalContext(ContextType.Domain, "corp.local", "OU=" + OU + ",OU=Users,dc=corp,dc=local", username, password);
UserPrincipal us = new UserPrincipal(pr);

To Change the Password

user.SetPassword("setPassword");

If you want the user should change the password at next Logon, you can use like this.

user.ExpirePasswordNow();

Here is your full code:-

public static Boolean ResetPassword(string username, string password, string DomainId, string setpassword, Boolean UnlockAccount,Boolean NextLogon)
{
   PrincipalContext pr = new PrincipalContext(ContextType.Domain, "corp.local", "dc=corp,dc=local", username, password);
   UserPrincipal user = UserPrincipal.FindByIdentity(pr, DomainId);

   Boolean flag = false;
   if (user != null && user.Enabled == true)
    {
       if (UnlockAccount)
        {
          user.UnlockAccount();
        }
        user.SetPassword(setpassword);
        if (NextLogon)
        {
          user.ExpirePasswordNow();
        }
        user.Save();
        flag = true;
    }
    else
      {
         flag = false;
      }
    user.Dispose();
    pr.Dispose();
    return flag;
   }

I found a good article here, if you want to use it in your way, have a look here,

http://www.primaryobjects.com/cms/article66.aspx