SetPassword for ad lds user using ad lds credentials c#

  • Question

  • Code snippet that works using AD DS credentials. The same doesn't work when provided with AD LDS credentials. (Throws incorrect username or password exception.)

                           

    // ADSI option ids and password-method values
    const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
    const long ADS_OPTION_PASSWORD_METHOD = 7;
    const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
    const int ADS_PASSWORD_ENCODE_CLEAR = 1;
    int intPort = 0;
    intPort = Int32.Parse(port1); // port1 is where ad lds server runs on
    String Path;
    Path = "LDAP://" + dc1 + ":" + port1 + "/" + ResetUserDN;
    DirectoryEntry compEntries;
    AuthenticationTypes authtype = AuthenticationTypes.Signing | AuthenticationTypes.Sealing | AuthenticationTypes.Secure;
    compEntries = new DirectoryEntry(Path, UserName, Password, authtype);
    // Point the password operation at the AD LDS port and select the clear (non-SSL) method
    compEntries.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, intPort });
    compEntries.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR });
    compEntries.RefreshCache();
    compEntries.Invoke("SetPassword", new object[] { password });

    Below is the code that works when SSL is set up for AD LDS and uses AD LDS credentials.

    String Path;
    Path = "LDAP://" + dc1 + ":" + port1 + "/" + ResetUserDN;
    DirectoryEntry compEntries = new DirectoryEntry(Path, UserDN, Password, AuthenticationTypes.SecureSocketsLayer);
    compEntries.Invoke("SetPassword", new object[] { password });

    Is there an alternative way to reset the password without having to set up SSL for AD LDS, as I cannot ask the customer to set up SSL for AD LDS? The only other way I could bind to AD LDS using AD LDS credentials was by using AuthenticationTypes.None, and I could not set the password using that DirectoryEntry object (Exception 0x8000500D: Directory property cannot be found in cache).

    Tried this (below) to disable the "Password operations over ldaps only" policy in Active Directory, but it doesn't work for me.

    C:\Windows\system32>dsmgmt
    
    dsmgmt: ds behavior
    
    AD DS/LDS behavior: connections
    
    server connections: connect to server localhost
    Binding to localhost ...
    Connected to localhost using credentials of locally logged on user.
    
    server connections: quit
    
    AD DS/LDS behavior: allow passwd op on unsecured connection
    Successfully modified DS Behavior to reset password over unsecured network.
    
    AD DS/LDS behavior: list current ds-behavior
    Password operations on unsecured connection: Allowed.
    
    AD DS/LDS behavior: quit
    dsmgmt: quit

    Any help would be much appreciated. Thanks in advance!!

    Thursday, January 9, 2020 8:12 PM

Answers

  • Thanks for the response!! @Timon Yang

    This is what worked for me.

    I forgot SetOption when I tried SetPassword without SSL.

    const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
    const long ADS_OPTION_PASSWORD_METHOD = 7;
    const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
    const int ADS_PASSWORD_ENCODE_CLEAR = 1;
    int intPort = 0;
    intPort = Int32.Parse(port1); // ad lds server port
    compEntries.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, intPort });
    if (ssl)
        compEntries.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_REQUIRE_SSL });
    else
        compEntries.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR });
    compEntries.RefreshCache();
    compEntries.Invoke("SetPassword", new object[] { password });

    C:\Windows\system32>dsmgmt

    dsmgmt: ds behavior

    AD DS/LDS behavior: connections

    server connections: connect to server localhost
    Binding to localhost ...
    Connected to localhost using credentials of locally logged on user.

    server connections: quit

    AD DS/LDS behavior: allow passwd op on unsecured connection
    Successfully modified DS Behavior to reset password over unsecured network.

    AD DS/LDS behavior: list current ds-behavior
    Password operations on unsecured connection: Allowed.

    AD DS/LDS behavior: quit
    dsmgmt: quit

    and used this to allow password over unsecured connection.



    • Edited by venkatkri5h Sunday, January 12, 2020 7:30 PM
    • Marked as answer by venkatkri5h Sunday, January 12, 2020 7:31 PM
    Sunday, January 12, 2020 7:29 PM
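
The two paths from this thread combined into one helper, as an added example that is not the poster's code: `ADS_PASSWORD_ENCODE_CLEAR` sends the new password unencrypted, so the helper refuses the non-SSL path unless the caller opts in. The class name, method name and `allowClearText` flag are hypothetical, and `AuthenticationTypes.None` on the non-SSL path is an assumption taken from the question.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

static class LdsPasswordReset // hypothetical helper, not from the thread
{
    // ADSI option ids and password-method values, as declared in the thread.
    const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
    const long ADS_OPTION_PASSWORD_METHOD = 7;
    const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
    const int ADS_PASSWORD_ENCODE_CLEAR = 1;

    public static void Reset(string host, int port, string targetDn,
                             string bindUser, string bindPassword,
                             string newPassword, bool ssl,
                             bool allowClearText = false) // hypothetical opt-in
    {
        // ADS_PASSWORD_ENCODE_CLEAR transmits the password in plaintext,
        // so the non-SSL path must be requested explicitly.
        if (!ssl && !allowClearText)
            throw new InvalidOperationException("Non-SSL reset needs allowClearText.");

        string path = "LDAP://" + host + ":" + port + "/" + targetDn;
        // SSL bind as in the question's working snippet. Assumption: simple bind
        // (None) otherwise, the only non-SSL bind the question reports succeeding.
        AuthenticationTypes auth = ssl
            ? AuthenticationTypes.SecureSocketsLayer
            : AuthenticationTypes.None;
        int method = ssl ? ADS_PASSWORD_ENCODE_REQUIRE_SSL
                         : ADS_PASSWORD_ENCODE_CLEAR;

        using (var entry = new DirectoryEntry(path, bindUser, bindPassword, auth))
        {
            try
            {
                // Same call order as the accepted answer.
                entry.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_PORTNUMBER, port });
                entry.Invoke("SetOption", new object[] { ADS_OPTION_PASSWORD_METHOD, method });
                entry.RefreshCache();
                entry.Invoke("SetPassword", new object[] { newPassword });
            }
            catch (TargetInvocationException ex) when (ex.InnerException != null)
            {
                // Invoke wraps the underlying ADSI/COM error; surface its message.
                throw new InvalidOperationException(
                    "Password reset failed: " + ex.InnerException.Message, ex.InnerException);
            }
        }
    }
}
```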

All replies

  • Hello,

    Any code you post needs to be in a code block and not bold.



    Thursday, January 9, 2020 8:55 PM
    Moderator
  • Hi venkatkri5h,

    Thank you for posting here.

    First, check if you entered the wrong username and password.

    Then, please refer to the link below that might help you.

    [.NET] Programatically setting passwords in ADAM (AD LDS).

    Password reset of AD LDS user.

    Can not set AD-LDS user-password with the UserPrincipal-class


    Best Regards,

    Timon



    Friday, January 10, 2020 5:32 AM