Directory Programming .NET

Active Directory and ADAM programming support for .NET developers
Welcome to Directory Programming .NET Sign in | Join | Help
in Search
Home Forums Files Roller
Directory Programming .NET » General Discussions » Active Directory/ADAM LDAP Dis... » Re: Prevent user from changing password

Prevent user from changing password

Last post 02-04-2010, 3:45 PM by joe. 5 replies.
Sort Posts: Previous Next

  •  02-02-2010, 1:52 PM 7772

    Prevent user from changing password

    I am trying to set on an AD user the option that prevents the user from changing his/her password, corresponding to the "User cannot change password" GUI setting.

    So far I have only found a rather tricky way of doing this via the native ADSI API though, does anyone know of a way to do this via the .NET System.DirectoryServices API? Any help is much appreciated.

  •  02-02-2010, 3:34 PM 7776 in reply to 7772

    Re: Prevent user from changing password

    You have to modify the ACL to do this. There is no simple attribute change that accomplishes this behavior. You can do the same ACL change you are probably doing now using S.DS using the ActiveDirectorySecurity class but the basic mechanics of it are all pretty much the same. Generally speaking if you are doing .NET, you'll be better off using the .NET wrappers for the ACL stuff.

    I'm not sure if I've got a handy sample available or not.

  •  02-03-2010, 6:18 AM 7780 in reply to 7776

    Re: Prevent user from changing password

    Thanks. I tried achieving this using ActiveDirectorySecurity, actually, trying to deduce how it maps to an AD recipe I have at hand (http://msdn.microsoft.com/en-us/library/ms817839.aspx).

    My .NET attempt looks like this (in Python): http://pastebin.com/f6994b511. If you could help me make this work, it'd be fantastic.

  •  02-03-2010, 12:42 PM 7784 in reply to 7780

    Re: Prevent user from changing password

    Throwing Python syntax at me? Argh! :)

    I'm not actually sure what's wrong here. The thing that I always recommend is to use the tool ldp.exe because it has an excellent detail-level ACL editor. You can use it to do before and after comparisons of the ACL when you make the change with the GUI and you make the change in your code to see if they result in the same ACL. From there you might be able to see what the difference is.

    On the surface, I don't see what's different in your code from the sample published so hopefully the LDP trick will give you the info you need. Please post back with your results.

  •  02-04-2010, 6:54 AM 7787 in reply to 7784

    Re: Prevent user from changing password

    By asking on stackoverflow.com, I was informed of the new System.DirectoryServices.AccountManagement API in .NET 3.5. It contains the class UserPrincipal, which allowed me to set this option with a simple boolean property :)

  •  02-04-2010, 3:45 PM 7791 in reply to 7787

    Re: Prevent user from changing password

    I probably should have recommended that to you. Wasn't sure if it was an option. Glad it works for you!
View as RSS news feed in XML
© Dunn & Kaplan, 2008