Professional Web Applications Themes

"User cannot change pwd" and "Pwd never expire" by using Directory - ASP.NET Security

I create a account by using the DirectorySerive and it is running: --------------------------------------------------------- Dim ContainerEntry As DirectoryEntry Dim UserEntry As DirectoryEntry Dim ChildCollection As DirectoryEntries ContainerEntry = New DirectoryEntry(LDAPPath) ChildCollection = ContainerEntry.Children UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName, "user") UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text) UserEntry.CommitChanges() ---------------------------------------------------- In the next step you see the adding of some information, it is running: ---------------------------------------------------- UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text) UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text & ComboSuffix.Text) UserEntry.NativeObject.LastName = TextBoxLastName.Text UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " + TextBoxLastName.Text UserEntry.NativeObject.Description = TextBoxDescription.Text UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator: " + GetCurrentUserName() UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text ---------------------------------------------------- In the next Step you see to ...

  1. #1

    Default "User cannot change pwd" and "Pwd never expire" by using Directory

    I create a account by using the DirectorySerive and it is running:
    ---------------------------------------------------------
    Dim ContainerEntry As DirectoryEntry
    Dim UserEntry As DirectoryEntry
    Dim ChildCollection As DirectoryEntries
    ContainerEntry = New DirectoryEntry(LDAPPath)
    ChildCollection = ContainerEntry.Children
    UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
    "user")
    UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    UserEntry.CommitChanges()
    ----------------------------------------------------

    In the next step you see the adding of some information, it is running:
    ----------------------------------------------------
    UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
    & ComboSuffix.Text)
    UserEntry.NativeObject.LastName = TextBoxLastName.Text
    UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
    TextBoxLastName.Text
    UserEntry.NativeObject.Description = TextBoxDescription.Text
    UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator: "
    + GetCurrentUserName()
    UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
    ----------------------------------------------------

    In the next Step you see to set some constants and a call of a Sub
    (The Values for the Constans you can find, her
    [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
    ----------------------------------------------------
    Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
    Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
    SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
    SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
    -----------------------------------------------------

    Now the last Steps, it is the sub to set the userAccountControl-value:
    -----------------------------------------------------
    Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
    AccountOptions As Integer)
    Dim val As Integer
    val = Fix(User.Properties("userAccountControl").Value)
    User.Properties("userAccountControl").Value = val Or AccountOptions
    val = Fix(User.Properties("userAccountControl").Value)
    User.CommitChanges()
    End Sub 'SetAccountOptions
    -----------------------------------------------------

    The Result is:
    The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is running
    perfect.

    the call
    SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
    NOTING HAPPENS

    Now my question:
    I need a solution to set the property "User Cannot Change Password" over the
    DirectoryServices.

    Help, please
    Thauhtopa
    Thauhtopa Guest

  2. #2

    Default Re: "User cannot change pwd" and "Pwd never expire" by using Directory

    You don't set that option in LDAP with that flag. Both the lockout flag and
    the user can't change password flag don't work for Active Directory.

    To set "user can't change password", you need to modify the DACL for the
    user's object. I don't know of a specific .NET sample, but there is a
    script sample that you can adopt on the KB.

    Joe K.


    "Thauhtopa" <Thauhtopadiscussions.microsoft.com> wrote in message
    news:85DDC95B-DA31-433C-8184-E149AC199C40microsoft.com...
    >I create a account by using the DirectorySerive and it is running:
    > ---------------------------------------------------------
    > Dim ContainerEntry As DirectoryEntry
    > Dim UserEntry As DirectoryEntry
    > Dim ChildCollection As DirectoryEntries
    > ContainerEntry = New DirectoryEntry(LDAPPath)
    > ChildCollection = ContainerEntry.Children
    > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
    > "user")
    > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    > UserEntry.CommitChanges()
    > ----------------------------------------------------
    >
    > In the next step you see the adding of some information, it is running:
    > ----------------------------------------------------
    > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    >
    > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
    > & ComboSuffix.Text)
    > UserEntry.NativeObject.LastName = TextBoxLastName.Text
    > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
    > TextBoxLastName.Text
    > UserEntry.NativeObject.Description = TextBoxDescription.Text
    > UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator:
    > "
    > + GetCurrentUserName()
    > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
    > ----------------------------------------------------
    >
    > In the next Step you see to set some constants and a call of a Sub
    > (The Values for the Constans you can find, here
    > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
    > ----------------------------------------------------
    > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
    > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
    > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
    > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
    > -----------------------------------------------------
    >
    > Now the last Steps, it is the sub to set the userAccountControl-value:
    > -----------------------------------------------------
    > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
    > AccountOptions As Integer)
    > Dim val As Integer
    > val = Fix(User.Properties("userAccountControl").Value)
    > User.Properties("userAccountControl").Value = val Or AccountOptions
    > val = Fix(User.Properties("userAccountControl").Value)
    > User.CommitChanges()
    > End Sub 'SetAccountOptions
    > -----------------------------------------------------
    >
    > The Result is:
    > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
    > running
    > perfect.
    >
    > the call
    > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
    > NOTING HAPPENS
    >
    > Now my question:
    > I need a solution to set the property "User Cannot Change Password" over
    > the
    > DirectoryServices.
    >
    > Help, please
    > Thauhtopa

    Joe Kaplan \(MVP - ADSI\) Guest

  3. #3

    Default Re: "User cannot change pwd" and "Pwd never expire" by using Direc

    Thank's for the Tip, have you a link for a example, please
    Thauhtopa

    "Joe Kaplan (MVP - ADSI)" wrote:
    > You don't set that option in LDAP with that flag. Both the lockout flag and
    > the user can't change password flag don't work for Active Directory.
    >
    > To set "user can't change password", you need to modify the DACL for the
    > user's object. I don't know of a specific .NET sample, but there is a
    > script sample that you can adopt on the KB.
    >
    > Joe K.
    >
    >
    > "Thauhtopa" <Thauhtopadiscussions.microsoft.com> wrote in message
    > news:85DDC95B-DA31-433C-8184-E149AC199C40microsoft.com...
    > >I create a account by using the DirectorySerive and it is running:
    > > ---------------------------------------------------------
    > > Dim ContainerEntry As DirectoryEntry
    > > Dim UserEntry As DirectoryEntry
    > > Dim ChildCollection As DirectoryEntries
    > > ContainerEntry = New DirectoryEntry(LDAPPath)
    > > ChildCollection = ContainerEntry.Children
    > > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
    > > "user")
    > > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    > > UserEntry.CommitChanges()
    > > ----------------------------------------------------
    > >
    > > In the next step you see the adding of some information, it is running:
    > > ----------------------------------------------------
    > > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    > >
    > > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
    > > & ComboSuffix.Text)
    > > UserEntry.NativeObject.LastName = TextBoxLastName.Text
    > > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
    > > TextBoxLastName.Text
    > > UserEntry.NativeObject.Description = TextBoxDescription.Text
    > > UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator:
    > > "
    > > + GetCurrentUserName()
    > > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
    > > ----------------------------------------------------
    > >
    > > In the next Step you see to set some constants and a call of a Sub
    > > (The Values for the Constans you can find, here
    > > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
    > > ----------------------------------------------------
    > > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
    > > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
    > > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
    > > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
    > > -----------------------------------------------------
    > >
    > > Now the last Steps, it is the sub to set the userAccountControl-value:
    > > -----------------------------------------------------
    > > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
    > > AccountOptions As Integer)
    > > Dim val As Integer
    > > val = Fix(User.Properties("userAccountControl").Value)
    > > User.Properties("userAccountControl").Value = val Or AccountOptions
    > > val = Fix(User.Properties("userAccountControl").Value)
    > > User.CommitChanges()
    > > End Sub 'SetAccountOptions
    > > -----------------------------------------------------
    > >
    > > The Result is:
    > > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
    > > running
    > > perfect.
    > >
    > > the call
    > > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
    > > NOTING HAPPENS
    > >
    > > Now my question:
    > > I need a solution to set the property "User Cannot Change Password" over
    > > the
    > > DirectoryServices.
    > >
    > > Help, please
    > > Thauhtopa
    >
    >
    >
    Thauhtopa Guest

  4. #4

    Default Re: "User cannot change pwd" and "Pwd never expire" by using Direc

    Google turned this up:

    [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;301287[/url]

    Joe K.

    "Thauhtopa" <Thauhtopadiscussions.microsoft.com> wrote in message
    news:4EAD6339-5961-4634-BEA4-638F989D7311microsoft.com...
    > Thank's for the Tip, have you a link for a example, please
    > Thauhtopa
    >
    > "Joe Kaplan (MVP - ADSI)" wrote:
    >
    >> You don't set that option in LDAP with that flag. Both the lockout flag
    >> and
    >> the user can't change password flag don't work for Active Directory.
    >>
    >> To set "user can't change password", you need to modify the DACL for the
    >> user's object. I don't know of a specific .NET sample, but there is a
    >> script sample that you can adopt on the KB.
    >>
    >> Joe K.
    >>
    >>
    >> "Thauhtopa" <Thauhtopadiscussions.microsoft.com> wrote in message
    >> news:85DDC95B-DA31-433C-8184-E149AC199C40microsoft.com...
    >> >I create a account by using the DirectorySerive and it is running:
    >> > ---------------------------------------------------------
    >> > Dim ContainerEntry As DirectoryEntry
    >> > Dim UserEntry As DirectoryEntry
    >> > Dim ChildCollection As DirectoryEntries
    >> > ContainerEntry = New DirectoryEntry(LDAPPath)
    >> > ChildCollection = ContainerEntry.Children
    >> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " +
    >> > strLastName,
    >> > "user")
    >> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    >> > UserEntry.CommitChanges()
    >> > ----------------------------------------------------
    >> >
    >> > In the next step you see the adding of some information, it is running:
    >> > ----------------------------------------------------
    >> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    >> >
    >> > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
    >> > & ComboSuffix.Text)
    >> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
    >> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " "
    >> > +
    >> > TextBoxLastName.Text
    >> > UserEntry.NativeObject.Description = TextBoxDescription.Text
    >> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct
    >> > creator:
    >> > "
    >> > + GetCurrentUserName()
    >> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
    >> > ----------------------------------------------------
    >> >
    >> > In the next Step you see to set some constants and a call of a Sub
    >> > (The Values for the Constans you can find, here
    >> > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
    >> > ----------------------------------------------------
    >> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
    >> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
    >> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
    >> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
    >> > -----------------------------------------------------
    >> >
    >> > Now the last Steps, it is the sub to set the userAccountControl-value:
    >> > -----------------------------------------------------
    >> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
    >> > AccountOptions As Integer)
    >> > Dim val As Integer
    >> > val = Fix(User.Properties("userAccountControl").Value)
    >> > User.Properties("userAccountControl").Value = val Or AccountOptions
    >> > val = Fix(User.Properties("userAccountControl").Value)
    >> > User.CommitChanges()
    >> > End Sub 'SetAccountOptions
    >> > -----------------------------------------------------
    >> >
    >> > The Result is:
    >> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
    >> > running
    >> > perfect.
    >> >
    >> > the call
    >> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
    >> > NOTING HAPPENS
    >> >
    >> > Now my question:
    >> > I need a solution to set the property "User Cannot Change Password"
    >> > over
    >> > the
    >> > DirectoryServices.
    >> >
    >> > Help, please
    >> > Thauhtopa
    >>
    >>
    >>

    Joe Kaplan \(MVP - ADSI\) Guest

  5. #5

    Default Re: "User cannot change pwd" and "Pwd never expire" by using Direc

    Many Thanks
    Thauhtopa

    "Joe Kaplan (MVP - ADSI)" schrieb:
    > Google turned this up:
    >
    > [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;301287[/url]
    >
    > Joe K.
    >
    > "Thauhtopa" <Thauhtopadiscussions.microsoft.com> wrote in message
    > news:4EAD6339-5961-4634-BEA4-638F989D7311microsoft.com...
    > > Thank's for the Tip, have you a link for a example, please
    > > Thauhtopa
    > >
    > > "Joe Kaplan (MVP - ADSI)" wrote:
    > >
    > >> You don't set that option in LDAP with that flag. Both the lockout flag
    > >> and
    > >> the user can't change password flag don't work for Active Directory.
    > >>
    > >> To set "user can't change password", you need to modify the DACL for the
    > >> user's object. I don't know of a specific .NET sample, but there is a
    > >> script sample that you can adopt on the KB.
    > >>
    > >> Joe K.
    > >>
    > >>
    > >> "Thauhtopa" <Thauhtopadiscussions.microsoft.com> wrote in message
    > >> news:85DDC95B-DA31-433C-8184-E149AC199C40microsoft.com...
    > >> >I create a account by using the DirectorySerive and it is running:
    > >> > ---------------------------------------------------------
    > >> > Dim ContainerEntry As DirectoryEntry
    > >> > Dim UserEntry As DirectoryEntry
    > >> > Dim ChildCollection As DirectoryEntries
    > >> > ContainerEntry = New DirectoryEntry(LDAPPath)
    > >> > ChildCollection = ContainerEntry.Children
    > >> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " +
    > >> > strLastName,
    > >> > "user")
    > >> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    > >> > UserEntry.CommitChanges()
    > >> > ----------------------------------------------------
    > >> >
    > >> > In the next step you see the adding of some information, it is running:
    > >> > ----------------------------------------------------
    > >> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
    > >> >
    > >> > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
    > >> > & ComboSuffix.Text)
    > >> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
    > >> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " "
    > >> > +
    > >> > TextBoxLastName.Text
    > >> > UserEntry.NativeObject.Description = TextBoxDescription.Text
    > >> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct
    > >> > creator:
    > >> > "
    > >> > + GetCurrentUserName()
    > >> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
    > >> > ----------------------------------------------------
    > >> >
    > >> > In the next Step you see to set some constants and a call of a Sub
    > >> > (The Values for the Constans you can find, here
    > >> > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
    > >> > ----------------------------------------------------
    > >> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
    > >> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
    > >> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
    > >> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
    > >> > -----------------------------------------------------
    > >> >
    > >> > Now the last Steps, it is the sub to set the userAccountControl-value:
    > >> > -----------------------------------------------------
    > >> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
    > >> > AccountOptions As Integer)
    > >> > Dim val As Integer
    > >> > val = Fix(User.Properties("userAccountControl").Value)
    > >> > User.Properties("userAccountControl").Value = val Or AccountOptions
    > >> > val = Fix(User.Properties("userAccountControl").Value)
    > >> > User.CommitChanges()
    > >> > End Sub 'SetAccountOptions
    > >> > -----------------------------------------------------
    > >> >
    > >> > The Result is:
    > >> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
    > >> > running
    > >> > perfect.
    > >> >
    > >> > the call
    > >> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
    > >> > NOTING HAPPENS
    > >> >
    > >> > Now my question:
    > >> > I need a solution to set the property "User Cannot Change Password"
    > >> > over
    > >> > the
    > >> > DirectoryServices.
    > >> >
    > >> > Help, please
    > >> > Thauhtopa
    > >>
    > >>
    > >>
    >
    >
    >
    Thauhtopa Guest

Similar Threads

  1. Zoom tool is "-" instead of "+" as default how can I change
    By Terry L. Martin in forum Adobe Photoshop 7, CS, CS2 & CS3
    Replies: 2
    Last Post: May 22nd, 04:20 AM
  2. Change user role from "Publisher" to "Administrator"
    By trialbomfunknumber2 in forum Macromedia Contribute Connection Administrtion
    Replies: 1
    Last Post: September 19th, 06:51 AM
  3. Replies: 1
    Last Post: April 24th, 01:27 PM
  4. CFINPUT type="radio" w/ "value" requires "label"
    By Iceborer in forum Macromedia ColdFusion
    Replies: 2
    Last Post: February 21st, 06:16 PM
  5. "Start" "Program" "Menu" list is empty
    By Pete in forum Windows XP/2000/ME
    Replies: 2
    Last Post: July 10th, 10:42 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139