I am looking for a self-service, web-based password reset for Active Directory.

Can somebody please advise me whether this can be done, or whether there is a project example?
Thanks in advance.
Posted 22-Feb-12 10:23am
Updated 17-Aug-12 10:47am
Comments
Not Active 22-Feb-12 19:38pm
   
What part of this do you need help with? Changing the password or validating the RSA?

Solution 2

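You can use the code below to fetch the logged-in user ID from AD:

// Requires: using System; using System.DirectoryServices; using System.Security.Principal;
// StripDomainFromUserName, StripDomain and StripLoggedUserName are helper methods not shown in this answer.
// In ASP.NET, GetCurrent() returns the worker-process identity unless impersonation is enabled.
WindowsIdentity ident = WindowsIdentity.GetCurrent();
WindowsPrincipal user = new WindowsPrincipal(ident);
string username = StripDomainFromUserName(user.Identity.Name);

using (DirectoryEntry de = new DirectoryEntry("LDAP://" + StripDomain(user.Identity.Name)))
{
    using (DirectorySearcher adSearch = new DirectorySearcher(de))
    {
        // sAMAccountName is the AD attribute that holds the logon name
        adSearch.Filter = "(sAMAccountName=" + username + ")";
        SearchResult adSearchResult = adSearch.FindOne();
        if (adSearchResult == null)
            throw new InvalidOperationException("User not found in Active Directory: " + username);

        UserID = username;
        UserName = StripLoggedUserName(adSearchResult.Path);
    }
}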

Solution 3

As the next step, you can use the code below to reset the AD password:

// Requires: using System; using System.DirectoryServices;
//           using System.Runtime.InteropServices; using System.Security.Principal;
// Assumes class members not shown in this answer: a DirectoryEntry field _user,
// const int UF_DONT_EXPIRE_PASSWD = 0x10000, and P/Invoke declarations for
// LogonUser (advapi32.dll, SetLastError = true) and CloseHandle (kernel32.dll).
public string ResetPassword(bool reset)
{
    // static password here: account name + ".tmp", so it is predictable from the user name
    string sPwd = _user.Properties["sAMAccountName"][0].ToString() + ".tmp";

    int flags;

    if (reset)
    {
        // first have to remove the "Password Never Expires" flag
        flags = (int)_user.Properties["userAccountControl"].Value;
        if (Convert.ToBoolean(flags & UF_DONT_EXPIRE_PASSWD))
        {
            flags = (flags ^ UF_DONT_EXPIRE_PASSWD);
            _user.Properties["userAccountControl"].Value = flags;
        }

        // pwdLastSet = 0 forces a password change at next logon
        if (_user.Properties.Contains("pwdLastSet"))
            _user.Properties["pwdLastSet"].Value = 0;
        else
            _user.Properties["pwdLastSet"].Add(0);
    }
    else
    {
        // clear the change password at next login if it is there
        if (_user.Properties.Contains("pwdLastSet"))
            _user.Properties["pwdLastSet"].Value = -1;
        else
            _user.Properties["pwdLastSet"].Add(-1);

        // set the password never expires flag
        flags = (int)_user.Properties["userAccountControl"].Value;
        if (!Convert.ToBoolean(flags & UF_DONT_EXPIRE_PASSWD))
        {
            flags = (flags | UF_DONT_EXPIRE_PASSWD);
            _user.Properties["userAccountControl"].Value = flags;
        }
    }

    // Change thread context to Admin's **IMPERSONATION CODE STARTS HERE**
    IntPtr token = IntPtr.Zero;
    string username = ""; // same as in your _user constructor
    string domain = "";   // same as in your _user constructor

    // 3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT
    bool result = LogonUser(username, domain, Config.Settings.AdminPassword, 3, 0, out token);

    if (!result)
    {
        // Read the Win32 error through the marshaller; a direct GetLastError() call is unreliable in managed code
        int errCode = Marshal.GetLastWin32Error();
        string errMessage = String.Empty;
        switch (errCode)
        {
            case 5:
                errMessage = "Access Denied";
                break;
            case 1326:
                errMessage = "Logon failure: unknown user name or bad password.";
                break;
        }
        throw new Exception(String.Format("GetLastError() returned {0}, \"{1}\"", errCode, errMessage));
    }
    else
    {
        WindowsIdentity wi = new WindowsIdentity(token);
        WindowsImpersonationContext wic = wi.Impersonate();
        try
        {
            _user.Invoke("SetPassword", new object[] { sPwd.ToLower() });
            _user.CommitChanges();
        }
        finally
        {
            // always revert, even if SetPassword throws, so the thread does not stay in the admin context
            wic.Undo(); // end impersonation **END IMPERSONATION**
            CloseHandle(token);
        }
    }

    return sPwd.ToLower();
}

Solution 4

You can try this PowerShell command:

$oUser.psbase.invoke("SetPassword",$pwd)
$oUser.psbase.CommitChanges()

The Set-AdUserPwd.ps1 script is seen here.

Set-AdUserPwd.ps1

Function Set-AdUserPwd
{
    Param(
        [string]$user,
        [string]$pwd
    ) #end param
    $oUser = [adsi]"LDAP://$user"
    $oUser.psbase.invoke("SetPassword",$pwd)
    $oUser.psbase.CommitChanges()
} # end function Set-AdUserPwd
Set-AdUserPwd -user "cn=bob,ou=HSG_TestOU,dc=nwtraders,dc=com" -pwd P@ssword1

Otherwise, you can try this self-service password reset tool (http://www.lepide.com/active-directory-self-service/), which lets users reset their own Active Directory password and sends email notifications to users when their AD passwords expire.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
