Change an Active Directory password in C#

Posted on

Change an Active Directory password in C# – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about active-directory, password, windows, , .

At first, please forgive my English, it is not my mother tongue.

Then, here is my problem: I’m working on a web platform that manage the Active Directory. I can create, delete, edit a group, user, OU, and so on.

But. Yeah, but. When a connected user want to change his own password with the platform, it fails. It comes from DirectoryEntry.Invoke.

I used the DirectoryServices.DirectoryEntry:

directoryEntry.Invoke("SetPassword", password);
directoryEntry.Commit();

So I tried System.DirectoryServices.AccountManagement, that way:

PrincipalContext ctx = new PrincipalContext(ContextType.Machine);
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, Username);
user.SetPassword(password_);
user.Save();

Different way, same problem. These codes work, it only fails when a user try to edit his own password.

How can a connected user change his own password ?
Why this weird problem ?

Any help would be greatful.

Solution :

I think the problem here is that your application does not have permission to update the password which is correct!

The authorized method for granting the ASP.NET application permission to the directory is by way of either a privileged IIS Application Pool running under the identity of a service account or by way of a COM+ entity running under the identity of a service account.

The SetPassword command only works for admin users, as it forcibly sets a new password without having to know the existing password. Non-admin users would need to use ChangePassword, which does require that you also pass the existing password along with the new password.

Leave a Reply

Your email address will not be published. Required fields are marked *