DirectoryEntry.Invoke("setPassword", new object[] {"pass@123!"}) InnerException-"COMException (0x800706BA): One or more input parameters are invalid "

    Question

  • Hi,

    I am working on a website to reset user password. I coded like this to change password:

                                                             

    DirectoryEntry dirEntry = new DirectoryEntry("LDAP://SJTPNOC.DOMAIN/CN=_ldapuser,CN=Users,DC=SJTPNOC,DC=DOMAIN", "CN=_ldapuser,CN=Users,DC=SJTPNOC,DC=DOMAIN", "test1234!");
    dirEntry.AuthenticationType = AuthenticationTypes.None;
    dirEntry.Invoke("setPassword", new object[] {"pass@123!"});
    dirEntry.CommitChanges();
    dirEntry.Close();

    But getting InnerException of "COMException (0x800706BA): One or more input parameters are invalid " and message "Exception has been thrown by the target of an invocation."

    Saturday, September 22, 2012 10:39 AM

Answers

  • Hi Damela,

    I think a full solution is not possible, but I can give you the way to implement this functionality.

    // Connect to the domain controller over LDAPS.
    LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(this._domain, Convert.ToInt32(this._port)));
    // Note: this callback accepts any server certificate, so the server's identity is not verified.
    connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
    connection.SessionOptions.ProtocolVersion = 3;
    connection.AuthType = AuthType.Basic;
    connection.SessionOptions.SecureSocketLayer = true;

    using (connection)
    {
        // Find the user entry; "filterexpression=username" stands for the real filter term.
        SearchRequest request = new SearchRequest(this._userDN, "(&(objectCategory=person)(objectClass=user)(filterexpression=username))",
            System.DirectoryServices.Protocols.SearchScope.Subtree);
        SearchResponse response = (SearchResponse)connection.SendRequest(request);

        // Entries[0] below throws if the search matched nothing, so fail with a clear message instead.
        if (response.Entries.Count == 0)
            throw new InvalidOperationException("User not found.");

        // Replace unicodePwd with the new password (quoted and UTF-16LE encoded by GetPasswordData).
        DirectoryAttributeModification modifyUserPassword = new DirectoryAttributeModification();
        modifyUserPassword.Operation = DirectoryAttributeOperation.Replace;
        modifyUserPassword.Name = "unicodePwd";
        modifyUserPassword.Add(GetPasswordData(newPassword));

        ModifyRequest modifyRequest = new ModifyRequest(response.Entries[0].DistinguishedName, modifyUserPassword);
        DirectoryResponse dirResponse = connection.SendRequest(modifyRequest);
    }

    _userDN should be the domain where the user has to be searched.

    username is like "mayank".

    filterexpression can be CN, ou, sAMAccountName

    The GetPasswordData method used is

    // Returns the password wrapped in double quotes and encoded as UTF-16LE, the form unicodePwd expects.
    private byte[] GetPasswordData(string password)
    {
        string formattedPassword = String.Format("\"{0}\"", password);
        return System.Text.Encoding.Unicode.GetBytes(formattedPassword);
    }

    Please tell me if you encounter any problem.

    • Marked as answer by mayank.karki Wednesday, October 17, 2012 5:02 PM
    Tuesday, October 16, 2012 6:05 AM
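
A hardened variant of the unicodePwd reset described in the answer above, as an added example that is not part of the original post. It leaves server certificate validation on and escapes the user-supplied account name before it reaches the search filter. The names `AdPasswordReset`, `EscapeFilterValue`, `Reset` and their parameters are hypothetical, and it assumes the domain controller's LDAPS certificate is trusted by the web server and the bind account may reset the target user's password.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class AdPasswordReset
{
    // Escape a user-supplied value for use inside an LDAP filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Hypothetical helper: server, searchBase and the service credential are placeholders.
    public static void Reset(string server, string searchBase, NetworkCredential svc,
                             string samAccountName, string newPassword)
    {
        var id = new LdapDirectoryIdentifier(server, 636);
        using (var connection = new LdapConnection(id, svc, AuthType.Basic))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
            // No VerifyServerCertificate callback is set, so default validation stays in force.
            connection.Bind();

            string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                            + EscapeFilterValue(samAccountName) + "))";
            var search = new SearchRequest(searchBase, filter, SearchScope.Subtree, "distinguishedName");
            var found = (SearchResponse)connection.SendRequest(search);
            // Refuse to continue on zero or ambiguous matches.
            if (found.Entries.Count != 1)
                throw new InvalidOperationException("Expected exactly one matching user.");

            var pwd = new DirectoryAttributeModification
                { Name = "unicodePwd", Operation = DirectoryAttributeOperation.Replace };
            // unicodePwd takes the password in double quotes, encoded as UTF-16LE.
            pwd.Add(Encoding.Unicode.GetBytes("\"" + newPassword + "\""));
            connection.SendRequest(new ModifyRequest(found.Entries[0].DistinguishedName, pwd));
        }
    }
}
```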

All replies

  • Maybe you should set the Password property directly since there is no setPassword function.

    Saturday, September 22, 2012 11:06 AM
  • Hi,

    Before going with "setPassword" I was using this:

    dirEntry.Properties["userPassword"].Value = newPassword;

    The code executed successfully, but the changes were not reflected in AD, meaning the password remains the same.

    Saturday, September 22, 2012 11:10 AM
  • The code below might be helpful. Also, you have to impersonate in your web application because resetting a user's password requires administrative privilege.

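    // Connect to Active Directory and get the DirectoryEntry object.
    // The constructor takes (path, username, password, authenticationType), in that order.
    DirectoryEntry oDE;
    oDE = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);

    try
    {
       // Impersonate a user with administrative rights
       // other code

       // Reset the password
       oDE.Invoke("SetPassword", new object[] {NewPassword});

       // Remove impersonation
       // ...
    }
    catch (Exception excep)
    {
       // Do not swallow the failure: record it and rethrow so the cause stays visible.
       System.Diagnostics.Trace.TraceError(excep.ToString());
       throw;
    }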

    Try this and let us know if this works.

    All the best


    Mark it as helpful if so!!! thanks, Mithilesh

    Saturday, September 22, 2012 11:51 AM
  • Hi,

    I tried to use impersonator class as given in this link

    http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/a6c4e5d7-4265-4503-ace3-7513a61be564

    But getting error of "Login failure:Unknown username or bad password.".

    Thursday, September 27, 2012 10:03 AM
  • Hello mayank.karki! I'm trying to code a website to let the user in ActiveDirectory change its password but haven't found anything usable yet. Do you have a full C# solution already made? Thanks in advance!
    Friday, October 12, 2012 5:03 PM