Ask a Question related to ASP.NET Security, Design and Development.
-
Thauhtopa #1
"User cannot change pwd" and "Pwd never expire" by using Directory
I create a account by using the DirectorySerive and it is running:
---------------------------------------------------------
Dim ContainerEntry As DirectoryEntry
Dim UserEntry As DirectoryEntry
Dim ChildCollection As DirectoryEntries
ContainerEntry = New DirectoryEntry(LDAPPath)
ChildCollection = ContainerEntry.Children
UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
"user")
UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
UserEntry.CommitChanges()
----------------------------------------------------
In the next step you see the adding of some information, it is running:
----------------------------------------------------
UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
& ComboSuffix.Text)
UserEntry.NativeObject.LastName = TextBoxLastName.Text
UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
TextBoxLastName.Text
UserEntry.NativeObject.Description = TextBoxDescription.Text
UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator: "
+ GetCurrentUserName()
UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
----------------------------------------------------
In the next Step you see to set some constants and a call of a Sub
(The Values for the Constans you can find, her
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
----------------------------------------------------
Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
-----------------------------------------------------
Now the last Steps, it is the sub to set the userAccountControl-value:
-----------------------------------------------------
Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
AccountOptions As Integer)
Dim val As Integer
val = Fix(User.Properties("userAccountControl").Value)
User.Properties("userAccountControl").Value = val Or AccountOptions
val = Fix(User.Properties("userAccountControl").Value)
User.CommitChanges()
End Sub 'SetAccountOptions
-----------------------------------------------------
The Result is:
The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is running
perfect.
the call
SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
NOTING HAPPENS
Now my question:
I need a solution to set the property "User Cannot Change Password" over the
DirectoryServices.
Help, please
Thauhtopa
Thauhtopa Guest
-
Zoom tool is "-" instead of "+" as default how can I change
When I select the zoom tool, instead of a + zoom, I get a - zoom. I have to hold down the alt key to get magnification. I don't understand how it got... -
Change user role from "Publisher" to "Administrator"
Have three users on a particular website - all need to be "administrators". Two are listed as administrators (one of which is me), the third is... -
CFINPUT type="radio" w/ "value" requires "label"
On a Flash form, when you specify type='radio' and value='whatever', the value of the 'value' attribute will be displayed as a label if no 'label'... -
Can actionscript change a "Button's" "Behavior"?
While a movie is playing in "level 0" a button is pressed to launch another movie in "level 1". Is there a way to change the button that was pressed... -
"Start" "Program" "Menu" list is empty
For what ever reason my list of installed programs in my "Start" "Programs" menu is empty. Anyone know how to restore the list. Thanks for your... -
Joe Kaplan \(MVP - ADSI\) #2 Re: "User cannot change pwd" and "Pwd never expire" by using Directory
You don't set that option in LDAP with that flag. Both the lockout flag and
the user can't change password flag don't work for Active Directory.
To set "user can't change password", you need to modify the DACL for the
user's object. I don't know of a specific .NET sample, but there is a
script sample that you can adopt on the KB.
Joe K.
"Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
news:85DDC95B-DA31-433C-8184-E149AC199C40@microsoft.com...>I create a account by using the DirectorySerive and it is running:
> ---------------------------------------------------------
> Dim ContainerEntry As DirectoryEntry
> Dim UserEntry As DirectoryEntry
> Dim ChildCollection As DirectoryEntries
> ContainerEntry = New DirectoryEntry(LDAPPath)
> ChildCollection = ContainerEntry.Children
> UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
> "user")
> UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
> UserEntry.CommitChanges()
> ----------------------------------------------------
>
> In the next step you see the adding of some information, it is running:
> ----------------------------------------------------
> UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
>
> UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
> & ComboSuffix.Text)
> UserEntry.NativeObject.LastName = TextBoxLastName.Text
> UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
> TextBoxLastName.Text
> UserEntry.NativeObject.Description = TextBoxDescription.Text
> UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator:
> "
> + GetCurrentUserName()
> UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
> ----------------------------------------------------
>
> In the next Step you see to set some constants and a call of a Sub
> (The Values for the Constans you can find, here
> [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
> ----------------------------------------------------
> Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
> Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
> SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
> SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
> -----------------------------------------------------
>
> Now the last Steps, it is the sub to set the userAccountControl-value:
> -----------------------------------------------------
> Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
> AccountOptions As Integer)
> Dim val As Integer
> val = Fix(User.Properties("userAccountControl").Value)
> User.Properties("userAccountControl").Value = val Or AccountOptions
> val = Fix(User.Properties("userAccountControl").Value)
> User.CommitChanges()
> End Sub 'SetAccountOptions
> -----------------------------------------------------
>
> The Result is:
> The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
> running
> perfect.
>
> the call
> SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
> NOTING HAPPENS
>
> Now my question:
> I need a solution to set the property "User Cannot Change Password" over
> the
> DirectoryServices.
>
> Help, please
> Thauhtopa
Joe Kaplan \(MVP - ADSI\) Guest
-
Thauhtopa #3 Re: "User cannot change pwd" and "Pwd never expire" by using Direc
Thank's for the Tip, have you a link for a example, please
Thauhtopa
"Joe Kaplan (MVP - ADSI)" wrote:
> You don't set that option in LDAP with that flag. Both the lockout flag and
> the user can't change password flag don't work for Active Directory.
>
> To set "user can't change password", you need to modify the DACL for the
> user's object. I don't know of a specific .NET sample, but there is a
> script sample that you can adopt on the KB.
>
> Joe K.
>
>
> "Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
> news:85DDC95B-DA31-433C-8184-E149AC199C40@microsoft.com...>> >I create a account by using the DirectorySerive and it is running:
> > ---------------------------------------------------------
> > Dim ContainerEntry As DirectoryEntry
> > Dim UserEntry As DirectoryEntry
> > Dim ChildCollection As DirectoryEntries
> > ContainerEntry = New DirectoryEntry(LDAPPath)
> > ChildCollection = ContainerEntry.Children
> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
> > "user")
> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
> > UserEntry.CommitChanges()
> > ----------------------------------------------------
> >
> > In the next step you see the adding of some information, it is running:
> > ----------------------------------------------------
> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
> >
> > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
> > & ComboSuffix.Text)
> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
> > TextBoxLastName.Text
> > UserEntry.NativeObject.Description = TextBoxDescription.Text
> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator:
> > "
> > + GetCurrentUserName()
> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
> > ----------------------------------------------------
> >
> > In the next Step you see to set some constants and a call of a Sub
> > (The Values for the Constans you can find, here
> > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
> > ----------------------------------------------------
> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
> > -----------------------------------------------------
> >
> > Now the last Steps, it is the sub to set the userAccountControl-value:
> > -----------------------------------------------------
> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
> > AccountOptions As Integer)
> > Dim val As Integer
> > val = Fix(User.Properties("userAccountControl").Value)
> > User.Properties("userAccountControl").Value = val Or AccountOptions
> > val = Fix(User.Properties("userAccountControl").Value)
> > User.CommitChanges()
> > End Sub 'SetAccountOptions
> > -----------------------------------------------------
> >
> > The Result is:
> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
> > running
> > perfect.
> >
> > the call
> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
> > NOTING HAPPENS
> >
> > Now my question:
> > I need a solution to set the property "User Cannot Change Password" over
> > the
> > DirectoryServices.
> >
> > Help, please
> > Thauhtopa
>
>Thauhtopa Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: "User cannot change pwd" and "Pwd never expire" by using Direc
Google turned this up:
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;301287[/url]
Joe K.
"Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
news:4EAD6339-5961-4634-BEA4-638F989D7311@microsoft.com...> Thank's for the Tip, have you a link for a example, please
> Thauhtopa
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>>> You don't set that option in LDAP with that flag. Both the lockout flag
>> and
>> the user can't change password flag don't work for Active Directory.
>>
>> To set "user can't change password", you need to modify the DACL for the
>> user's object. I don't know of a specific .NET sample, but there is a
>> script sample that you can adopt on the KB.
>>
>> Joe K.
>>
>>
>> "Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
>> news:85DDC95B-DA31-433C-8184-E149AC199C40@microsoft.com...>>>> >I create a account by using the DirectorySerive and it is running:
>> > ---------------------------------------------------------
>> > Dim ContainerEntry As DirectoryEntry
>> > Dim UserEntry As DirectoryEntry
>> > Dim ChildCollection As DirectoryEntries
>> > ContainerEntry = New DirectoryEntry(LDAPPath)
>> > ChildCollection = ContainerEntry.Children
>> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " +
>> > strLastName,
>> > "user")
>> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
>> > UserEntry.CommitChanges()
>> > ----------------------------------------------------
>> >
>> > In the next step you see the adding of some information, it is running:
>> > ----------------------------------------------------
>> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
>> >
>> > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
>> > & ComboSuffix.Text)
>> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
>> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " "
>> > +
>> > TextBoxLastName.Text
>> > UserEntry.NativeObject.Description = TextBoxDescription.Text
>> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct
>> > creator:
>> > "
>> > + GetCurrentUserName()
>> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
>> > ----------------------------------------------------
>> >
>> > In the next Step you see to set some constants and a call of a Sub
>> > (The Values for the Constans you can find, here
>> > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
>> > ----------------------------------------------------
>> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
>> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
>> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
>> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
>> > -----------------------------------------------------
>> >
>> > Now the last Steps, it is the sub to set the userAccountControl-value:
>> > -----------------------------------------------------
>> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
>> > AccountOptions As Integer)
>> > Dim val As Integer
>> > val = Fix(User.Properties("userAccountControl").Value)
>> > User.Properties("userAccountControl").Value = val Or AccountOptions
>> > val = Fix(User.Properties("userAccountControl").Value)
>> > User.CommitChanges()
>> > End Sub 'SetAccountOptions
>> > -----------------------------------------------------
>> >
>> > The Result is:
>> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
>> > running
>> > perfect.
>> >
>> > the call
>> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
>> > NOTING HAPPENS
>> >
>> > Now my question:
>> > I need a solution to set the property "User Cannot Change Password"
>> > over
>> > the
>> > DirectoryServices.
>> >
>> > Help, please
>> > Thauhtopa
>>
>>
Joe Kaplan \(MVP - ADSI\) Guest
-
Thauhtopa #5 Re: "User cannot change pwd" and "Pwd never expire" by using Direc
Many Thanks
Thauhtopa
"Joe Kaplan (MVP - ADSI)" schrieb:
> Google turned this up:
>
> [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;301287[/url]
>
> Joe K.
>
> "Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
> news:4EAD6339-5961-4634-BEA4-638F989D7311@microsoft.com...>> > Thank's for the Tip, have you a link for a example, please
> > Thauhtopa
> >
> > "Joe Kaplan (MVP - ADSI)" wrote:
> >> >> You don't set that option in LDAP with that flag. Both the lockout flag
> >> and
> >> the user can't change password flag don't work for Active Directory.
> >>
> >> To set "user can't change password", you need to modify the DACL for the
> >> user's object. I don't know of a specific .NET sample, but there is a
> >> script sample that you can adopt on the KB.
> >>
> >> Joe K.
> >>
> >>
> >> "Thauhtopa" <Thauhtopa@discussions.microsoft.com> wrote in message
> >> news:85DDC95B-DA31-433C-8184-E149AC199C40@microsoft.com...
> >> >I create a account by using the DirectorySerive and it is running:
> >> > ---------------------------------------------------------
> >> > Dim ContainerEntry As DirectoryEntry
> >> > Dim UserEntry As DirectoryEntry
> >> > Dim ChildCollection As DirectoryEntries
> >> > ContainerEntry = New DirectoryEntry(LDAPPath)
> >> > ChildCollection = ContainerEntry.Children
> >> > UserEntry = ChildCollection.Add("CN=" & strFirstName + " " +
> >> > strLastName,
> >> > "user")
> >> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
> >> > UserEntry.CommitChanges()
> >> > ----------------------------------------------------
> >> >
> >> > In the next step you see the adding of some information, it is running:
> >> > ----------------------------------------------------
> >> > UserEntry.Properties("samAccountName").Add(TextBox NewAccountPre.Text)
> >> >
> >> > UserEntry.Properties("userPrincipalName").Add(Text BoxNewAccount.Text
> >> > & ComboSuffix.Text)
> >> > UserEntry.NativeObject.LastName = TextBoxLastName.Text
> >> > UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " "
> >> > +
> >> > TextBoxLastName.Text
> >> > UserEntry.NativeObject.Description = TextBoxDescription.Text
> >> > UserEntry.NativeObject.physicaldeliveryofficename = "Acct
> >> > creator:
> >> > "
> >> > + GetCurrentUserName()
> >> > UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
> >> > ----------------------------------------------------
> >> >
> >> > In the next Step you see to set some constants and a call of a Sub
> >> > (The Values for the Constans you can find, here
> >> > [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_useraccountcontrol.asp):[/url]
> >> > ----------------------------------------------------
> >> > Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
> >> > Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
> >> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
> >> > SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
> >> > -----------------------------------------------------
> >> >
> >> > Now the last Steps, it is the sub to set the userAccountControl-value:
> >> > -----------------------------------------------------
> >> > Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
> >> > AccountOptions As Integer)
> >> > Dim val As Integer
> >> > val = Fix(User.Properties("userAccountControl").Value)
> >> > User.Properties("userAccountControl").Value = val Or AccountOptions
> >> > val = Fix(User.Properties("userAccountControl").Value)
> >> > User.CommitChanges()
> >> > End Sub 'SetAccountOptions
> >> > -----------------------------------------------------
> >> >
> >> > The Result is:
> >> > The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is
> >> > running
> >> > perfect.
> >> >
> >> > the call
> >> > SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
> >> > NOTING HAPPENS
> >> >
> >> > Now my question:
> >> > I need a solution to set the property "User Cannot Change Password"
> >> > over
> >> > the
> >> > DirectoryServices.
> >> >
> >> > Help, please
> >> > Thauhtopa
> >>
> >>
> >>
>
>Thauhtopa Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
