Hi,
Currently where I'm working there is a need for some users to use multiple Windows domains...
For example CONTOSO and NWTRADERS (OK, we don't use these domains, but for example's sake).
The users log in under NWTRADERS and use Run As... to run programs that still need to use CONTOSO credentials... Network drives are also mapped with CONTOSO credentials while logged in as NWTRADERS...
I would like to create a utility that would let the user know when their CONTOSO password is going to expire, and allow them to reset their CONTOSO password, but requiring them to enter their original password first...
Basically invoke whatever Windows does when you press Ctrl+Alt+Del then click Change Password..., except for a domain other than the one currently logged in...
Anybody know if this is possible or how I would start doing this?
This utility might also be useful for dial-in users whose passwords often expire because they don't get notifications of when it will expire...
I've had a look through Google and although I can find information on how to reset a password, I can't find how to reset a password for a user in a different domain...
So let's say the user is logged in as NWTRADERS\mccafma but would need to know when CONTOSO\mccafma's password would expire, and be able to reset it.
Thanks,
chentiangemalc.

reset password while logged in as another domain
tcrussell
Thanks for posting all your findings and additions, it helps us all!
Now, in regards to the Find(), the AccountUserName in bold: did you add the domain\AccountUserName instead of just AccountUserName?
I'm also new at this so you'll have to bear with me!
LievenI
Indeed this is possible, using WMI perhaps or the DirectoryServices. However, I'm not entirely sure how to do it on a domain; well, it may work, I don't know. The code below is a rough sketch of how to connect to a domain. You can modify the first line to this:

    Dim theEntry As New System.DirectoryServices.DirectoryEntry("WinNT://" & Environment.MachineName & ",computer", "UserName", "CurrentPassword", System.DirectoryServices.AuthenticationTypes.Secure Or System.DirectoryServices.AuthenticationTypes.Sealing Or System.DirectoryServices.AuthenticationTypes.ServerBind)

to connect to the local computer.
Import the System.DirectoryServices namespace.

    ' Bind to the domain with the account's current credentials
    Dim theEntry As New System.DirectoryServices.DirectoryEntry("LDAP://DC=Domain", "AccountUserName", "AccountCurrentPassword", System.DirectoryServices.AuthenticationTypes.Secure Or System.DirectoryServices.AuthenticationTypes.Sealing Or System.DirectoryServices.AuthenticationTypes.ServerBind)
    Dim theUser As System.DirectoryServices.DirectoryEntry = theEntry.Children.Find("AccountUserName")
    If theUser IsNot Nothing Then
        ' ChangePassword takes the old password followed by the new one
        theUser.Invoke("ChangePassword", New Object() {"OldPass", "NewPass"})
        theUser.CommitChanges()
    End If

Does this work for you? I don't have a domain to test it on, so hopefully you can tell us what's happening. I do know that you can do this on the local computer and using WMI, but I understand you need it to work for a domain account.
Nils VG
Hi there, thanks for your help...
I made some modifications and got it to work with domain accounts... I think in a similar way I should be able to calculate how many days till the password expires...
(make sure to add a reference to System.DirectoryServices for this to work)
This can be called like so...

    success = ChangePassword("bobsmith","domain","oldpassword","password")

One problem still:
I had to add '*' to the LDAP query, otherwise it doesn't find the user. For example

    (&(objectCategory=person)(objectClass=user)(userPrincipalName=bobsmith))

didn't work; I had to use

    (&(objectCategory=person)(objectClass=user)(userPrincipalName=bobsmith*))

Using Dim theUser as System.DirectoryServices.DirectoryEntry = theEntry.Children.Find("AccountUserName") didn't work, an exception was thrown...
Using ChangePassword also threw an exception, the InnerException suggesting the password didn't meet complexity requirements, although the password did (and worked with SetPassword).
Any advice on the error handling sections?
I'm quite new to VB.NET and want to ensure I am writing good code...
    Function ChangePassword(ByVal UserName As String, ByVal Domain As String, ByVal OldPassword As String, ByVal NewPassword As String) As Boolean
        ' Connect to Active Directory securely with user's username and password
        Dim myEntry As System.DirectoryServices.DirectoryEntry = New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, UserName, OldPassword, System.DirectoryServices.AuthenticationTypes.Secure)
        Dim mySearcher As System.DirectoryServices.DirectorySearcher = New System.DirectoryServices.DirectorySearcher(myEntry)
        Dim myResult As System.DirectoryServices.SearchResult
        ' This entry is created without UserName/OldPassword, so it is opened
        ' with the credentials of the logged-on caller
        Dim User As System.DirectoryServices.DirectoryEntry = New System.DirectoryServices.DirectoryEntry()
        ' The trailing * makes this a prefix match on userPrincipalName
        mySearcher.Filter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName=" & UserName & "*))"
        Try
            ' FindOne returns only the first entry that matches the filter
            myResult = mySearcher.FindOne()
            If myResult IsNot Nothing Then
                User.Path = myResult.GetDirectoryEntry().Path
                User.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure
                ' SetPassword resets the password without supplying the old one
                Dim ret As Object = User.Invoke("SetPassword", NewPassword)
                User.CommitChanges()
                User.Close()
                ChangePassword = True
            End If
        Catch e As Exception
            ' Catch incorrect username/password/domain here...
            ChangePassword = False
        End Try
    End Function
payal tandon
Yes, I tried that other combination but it didn't work...
I also tried "cn=AccountUserName"
I haven't been able to find much documentation on the correct usage of this Find() in regards to user accounts on domains...
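
Added example, not code from any poster in this thread: one way to handle the lookup and error-handling questions raised above. The userPrincipalName attribute holds a value of the form name@suffix, so bobsmith alone never equals it, and bobsmith* is a prefix match that can also return a different account such as bobsmith2. This sketch matches sAMAccountName exactly with the value escaped, refuses to act unless exactly one account is found, and calls ChangePassword so the old password is checked. It assumes UserName is the pre-Windows 2000 logon name and that binding as domain\userName is accepted; EscapeLdapFilterValue and ChangeDomainPassword are hypothetical names.

```vbnet
Imports System.DirectoryServices
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Text

Module PasswordChangeExample
    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    Function EscapeLdapFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns Nothing on success, otherwise a message to show the user.
    Function ChangeDomainPassword(ByVal userName As String, ByVal domain As String,
                                  ByVal oldPassword As String, ByVal newPassword As String) As String
        ' Exact match on the logon name (assumption: userName is the sAMAccountName).
        Dim filter As String = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & EscapeLdapFilterValue(userName) & "))"
        Try
            Using root As New DirectoryEntry("LDAP://" & domain, domain & "\" & userName, oldPassword, AuthenticationTypes.Secure Or AuthenticationTypes.Sealing)
                Using searcher As New DirectorySearcher(root, filter)
                    Using results As SearchResultCollection = searcher.FindAll()
                        If results.Count <> 1 Then Return "Account not found or ambiguous."
                        Using user As DirectoryEntry = results(0).GetDirectoryEntry()
                            ' ChangePassword verifies the old password; SetPassword would not.
                            user.Invoke("ChangePassword", New Object() {oldPassword, newPassword})
                        End Using
                    End Using
                End Using
            End Using
            Return Nothing
        Catch ex As TargetInvocationException
            ' Invoke wraps the ADSI error; the real cause is in InnerException.
            Return "Password change rejected: " & ex.InnerException.Message
        Catch ex As COMException
            ' Bind or search failure, for example bad credentials or unreachable domain.
            Return "Could not connect: " & ex.Message
        End Try
    End Function
End Module
```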