none
Required Delegated Permission for AuthenticablePrincipal.UnlockAccount Method () RRS feed

  • Question

  • HI

    I've searched for the required permissions/rights to Unlock a user account using the AuthenticablePrincipal.UnlockAccount Method ().

    The MSDN document at https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.authenticableprincipal.unlockaccount(v=vs.110).aspx does not outline the required permissions, just noting the error object returned for inappropriate rights.

    Could you please advise what the specific delegated permission required to unlock is.

    Thanks

    Andrew

    Wednesday, October 4, 2017 6:27 AM

All replies

  • The specific AD object type 'pwdLastSet' is the object requiring R/W permissions to unlock user accounts

    adRights 

    ReadProperty,WriteProperty

     accessControlType

    Allow

     objectType

    pwdLastSet

    inheritanceType 

    Descendents

    inheritedObjectType 

    user

    Wednesday, October 4, 2017 11:10 PM
  • Hi Andrew J Harvey,

    Thank you for posting here.

    According to the link you provided, you could use PrincipalContext to do something with username and password.  It shows the example in the MSDN article you provided.

    And you could try to run the application as admin. Right click the project, choose Security. Select Enable ClickOnce security settings, and then it will generate app.menifest file. After unselcet the Enable ClickOnce security settings.

    Change 

        <requestedExecutionLevel level="asInvoker" uiAccess="false" />

    to 

        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Thursday, October 5, 2017 6:27 AM
    Moderator