Hi, I am trying to reset the password of an Active Directory user, but I am getting an error. Following is my code:
public string ChangePassword(string Identity,strin
If you are using .NET Framework 3.5 or later, the code below will solve the problem. Class definition is omitted.
    using System;
    using System.DirectoryServices.AccountManagement;

    public static string ChangePassword(string adminUser, string adminPassword,
        string domain, string container, string userName, string newPassword)
    {
        try
        {
            // Bind to the domain with an account that is allowed to reset passwords.
            // Both the context and the principal are IDisposable.
            using (PrincipalContext principalContext =
                new PrincipalContext(ContextType.Domain, domain, container,
                    adminUser, adminPassword))
            using (UserPrincipal user =
                UserPrincipal.FindByIdentity(principalContext, userName))
            {
                if (user == null) return "User Not Found In This Domain";
                // Administrative reset: the old password is not required.
                user.SetPassword(newPassword);
                return user.Name;
            }
        }
        catch (Exception ex)
        {
            return ex.Message;
        }
    }
Usage:
    ChangePassword(@"DOMAIN\Administrator", "password", "DOMAIN",
        "DC=Domain,DC=COM", userName, newPassword);
EDIT: Added a version for .NET 2.0 framework.
A change password method for .NET 2.0:
    using System;
    using System.DirectoryServices;

    public static string ChangePassword20(string adminUser, string adminPassword,
        string container, string domainController, string userName, string newPassword)
    {
        // Secure requests an authenticated bind (Kerberos/NTLM), Sealing encrypts
        // the traffic, ServerBind says the path names a specific server.
        const AuthenticationTypes authenticationTypes = AuthenticationTypes.Secure |
            AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;
        DirectoryEntry searchRoot = null;
        DirectorySearcher searcher = null;
        DirectoryEntry userEntry = null;
        try
        {
            searchRoot = new DirectoryEntry(String.Format("LDAP://{0}/{1}",
                domainController, container),
                adminUser, adminPassword, authenticationTypes);
            searcher = new DirectorySearcher(searchRoot);
            // Note: userName goes into the filter unescaped, so LDAP filter
            // metacharacters in it (* ( ) \) change the query.
            searcher.Filter = String.Format("(sAMAccountName={0})", userName);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.CacheResults = false;
            SearchResult searchResult = searcher.FindOne();
            if (searchResult == null) return "User Not Found In This Domain";
            userEntry = searchResult.GetDirectoryEntry();
            // Administrative reset through the ADSI SetPassword method.
            userEntry.Invoke("SetPassword", new object[] { newPassword });
            userEntry.CommitChanges();
            return "New password set";
        }
        catch (Exception ex)
        {
            return ex.ToString();
        }
        finally
        {
            // Release the underlying ADSI objects.
            if (userEntry != null) userEntry.Dispose();
            if (searcher != null) searcher.Dispose();
            if (searchRoot != null) searchRoot.Dispose();
        }
    }
Usage:
    ChangePassword20(@"DOMAIN\Administrator", "password", "DC=Domain,DC=COM",
        "domainControllerName", "userName", "newPassword");
Few things:
UserEntry
.UserEntry.Username...
should be obj foo = UserEntry.NativeObject;
. If that passes, you have a valid DE.CommitChanges()
here.GetDirectoryEntry()
call properly.