Check Password Reset on Active Directory Server

Question

I need to reset windows password of any user through my .Net application. I am using the user's username to get its Directory Entry from AD server. I got these two different methods for changing password :

entry.Invoke("ChangePassword", oldPass, newPass);

&

entry.Invoke("SetPassword", "pass@123");

But I am getting the following error when am trying these methods on live AD server :

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

I have 2 AD servers. One of them is live and another is for testing purpose. I just want to check if my code is working or not. Since, access is denied on live server I can not change and check later my own password through code. And if I am using the test AD server to change password, I don't know how to check whether the pasword is changed or not. Kindly give any suggestions to check if my code is working properly or not. Thanks in advance.

Answer 1

I think you're not getting a proper context setup before you call the invoke. Here's what I use for something similar. You'll need to set your own variables:

I'm using System.DirectoryServices.AccountManagement to get the functions.

//Domain related info
string _DCToUse = "myserver.domain.local";
string _ADConDomain = "DC=domain,DC=local";
string _AdDomain = "domain";
string _ADAdminUser = "administrator";
string _ADAdminPass = "password";

//User specific
string _UserName = "jsmith";
string _CurrentPass = "oldPass";
string _NewPass = "newPass";

    PrincipalContext principalContext =
      new PrincipalContext(ContextType.Domain, _DCToUse,
      _ADConDomain, _ADDomain+@"\"+_ADAdminUser, _ADAdminPass);
    UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, _UserName);

        if (user == null)
        {
             string ADErrorMsg = "Couldn't find user, check your spelling.";
             return Changed;
        }

        user.ChangePassword(oldPass, newPass);
        user.Save();