I have a set of test accounts that are going to be created, but the accounts will be set up to require a password change on the first login. I want to write a program in C# to go through the test accounts and change the passwords.
7 Answers
You can use the UserPrincipal class' SetPassword method, provided you have enough privileges, once you've found the correct UserPrincipal object. Use FindByIdentity to look up the principal object in question.
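```csharp
using System.DirectoryServices.AccountManagement;

using (var context = new PrincipalContext(ContextType.Domain))
{
    using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userName))
    {
        // Reset without knowing the old password (needs enough privileges).
        user.SetPassword("newpassword");
        // or
        // Change it as the user would, supplying the current password.
        user.ChangePassword("oldPassword", "newpassword");
        user.Save();
    }
}
```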

- That's only available in .NET 3.5 and up, BTW (the PrincipalContext and all). – marc_s Jul 04 '09 at 19:59
- Remember to `user.Save()` afterward. – R.D. Alkire Jul 28 '16 at 13:50
- Great solution. How can I also toggle the "User must change password at next login" with your solution above? – Si8 Mar 04 '21 at 14:43

Here's a great Active Directory programming quick reference:
Howto: (Almost) Everything In Active Directory via C#
See the password reset code near the end.
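```csharp
using System.DirectoryServices;

public void ResetPassword(string userDn, string password)
{
    // userDn is passed to DirectoryEntry as the path of the user object.
    using (DirectoryEntry uEntry = new DirectoryEntry(userDn))
    {
        uEntry.Invoke("SetPassword", new object[] { password });
        uEntry.Properties["LockOutTime"].Value = 0; // unlock account
        uEntry.CommitChanges(); // property writes are not saved without a commit
    }
}
```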

- The question is about changing a password, not setting a password. Two different things. Does the user know the current password? – joym8 Feb 19 '19 at 17:30
- This is great! I could change the password without the old password. Thanks Dana Holt! – Coskun Ozogul Nov 25 '20 at 08:16
- When you set password in AD, you also have the option to force user to change it when using the temp password. How can I achieve it with the above code? Thanks – Si8 Mar 02 '21 at 15:21

Try this code. It works for me,
```csharp
using System;
using System.DirectoryServices;

public void ChangeMyPassword(string domainName, string userName, string currentPassword, string newPassword)
{
    try
    {
        string ldapPath = "LDAP://192.168.1.xx";
        // Bind as the user whose password is being changed.
        DirectoryEntry directionEntry = new DirectoryEntry(ldapPath, domainName + "\\" + userName, currentPassword);
        if (directionEntry != null)
        {
            // Look the user object up by its SAM account name.
            DirectorySearcher search = new DirectorySearcher(directionEntry);
            search.Filter = "(SAMAccountName=" + userName + ")";
            SearchResult result = search.FindOne();
            if (result != null)
            {
                DirectoryEntry userEntry = result.GetDirectoryEntry();
                if (userEntry != null)
                {
                    // ChangePassword needs the current password, unlike SetPassword.
                    userEntry.Invoke("ChangePassword", new object[] { currentPassword, newPassword });
                    userEntry.CommitChanges();
                }
            }
        }
    }
    catch (Exception ex)
    {
        throw ex;
    }
}
```

- This is the best method for changing password from a web app. It does not create a user folder on the server, and changes the password instead of an admin reset. Reasons why this is beneficial listed here. https://stackoverflow.com/questions/17493571/directoryservices-userprincipal-setpassword-ignores-password-policy-password-hi – BinaryPatrick Nov 09 '17 at 20:50
- Why catch an exception just to throw it again? If you must, why not just "throw;" so that the exception doesn't lose the original stack trace? – Jamie Mar 09 '20 at 00:47

Here is the solution:
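```csharp
using System.DirectoryServices;
using System.Web.Security;

// UserEntry is a DirectoryEntry bound to the target user (not shown in this answer).
string newPassword = Membership.GeneratePassword(12, 4);
// unicodePwd takes the password wrapped in double quotes, encoded as UTF-16LE.
string quotePwd = String.Format(@"""{0}""", newPassword);
byte[] pwdBin = System.Text.Encoding.Unicode.GetBytes(quotePwd);
UserEntry.Properties["unicodePwd"].Value = pwdBin;
UserEntry.CommitChanges();
```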

- In my case, I receive the message: "The server is unwilling to process the request". – Samuel Jan 17 '13 at 21:44

It is possible to set a new password to a domain account by using .NET Framework 2.0. See working code below:
```csharp
string domainfqdn = "mydomain.test.gov"; // FQDN of the domain
// GetObjectDistinguishedName, objectClass and returnType are helpers not shown in this answer.
string ldapPath = GetObjectDistinguishedName(objectClass.user, returnType.distinguishedName, args[0].ToString(), domainfqdn);
ldapPath = "LDAP://" + domainfqdn + ":389/" + ldapPath;
DirectoryEntry uEntry = new DirectoryEntry(ldapPath, null, null, AuthenticationTypes.Secure);
uEntry.CommitChanges();
Console.WriteLine(ldapPath);
string password = "myS3cr3tPass";
uEntry.Invoke("SetPassword", new object[] { password });
uEntry.Properties["LockOutTime"].Value = 0; // unlock account
uEntry.CommitChanges();
uEntry.Close();
```
It is very important to check the parameters at uEntry; the code will run under the current thread security context, unless the null values are specified.

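```csharp
using System;
using System.DirectoryServices;

// Path (the LDAP path) and Log are members of the containing class, not shown here.
public void ResetPassword(string userName, string Password, string newPassword)
{
    try
    {
        // Bind with the supplied credentials.
        DirectoryEntry directoryEntry = new DirectoryEntry(Path, userName, Password);
        if (directoryEntry != null)
        {
            // Look the user object up by its SAM account name.
            DirectorySearcher searchEntry = new DirectorySearcher(directoryEntry);
            searchEntry.Filter = "(samaccountname=" + userName + ")";
            SearchResult result = searchEntry.FindOne();
            if (result != null)
            {
                DirectoryEntry userEntry = result.GetDirectoryEntry();
                if (userEntry != null)
                {
                    userEntry.Invoke("SetPassword", new object[] { newPassword });
                    userEntry.Properties["lockouttime"].Value = 0; // unlock account
                    userEntry.CommitChanges(); // persist the lockouttime change
                }
            }
        }
    }
    catch (Exception ex)
    {
        // InnerException can be null, so fall back to the outer exception.
        Log.Error("Password Can't Change:" + (ex.InnerException ?? ex).Message);
    }
}
```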

I had an issue in a Windows application using Change Password if Set Password was done earlier that same day to give the user a new password. This happened because our domain has a policy of a minimum password age. The solution was to also set the Password Change date to 0 (empty) when using Set Password so the user can subsequently change their password the same day.

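Several comments above ask how to turn on "User must change password at next login", and the last answer describes setting the password-change date to 0 after Set Password. The following is an added example, not code from any of the answers, that does both for a list of test accounts with `System.DirectoryServices`. The account paths, the `TEST_ACCOUNT_TEMP_PW` environment variable and the names `TestAccountReset` and `ResetAndExpire` are hypothetical.

```csharp
using System;
using System.DirectoryServices;

static class TestAccountReset
{
    // Administrative reset followed by pwdLastSet = 0, which marks the password
    // as expired so the next logon must change it. Per the answer above, this
    // also lets the user change it the same day under a minimum-password-age policy.
    public static void ResetAndExpire(string userAdsPath, string tempPassword)
    {
        // null/null credentials: bind as the account running this process.
        using (var user = new DirectoryEntry(userAdsPath, null, null, AuthenticationTypes.Secure))
        {
            user.Invoke("SetPassword", new object[] { tempPassword });
            user.Properties["pwdLastSet"].Value = 0;
            user.CommitChanges(); // attribute writes are cached until committed
        }
    }

    static int Main()
    {
        // Hypothetical test accounts (constructed paths).
        string[] accounts =
        {
            "LDAP://CN=Test User 01,OU=TestAccounts,DC=example,DC=test",
            "LDAP://CN=Test User 02,OU=TestAccounts,DC=example,DC=test"
        };
        // Hypothetical variable name; keeps the password out of source and argv.
        string tempPassword = Environment.GetEnvironmentVariable("TEST_ACCOUNT_TEMP_PW");
        if (string.IsNullOrEmpty(tempPassword))
        {
            Console.Error.WriteLine("TEST_ACCOUNT_TEMP_PW is not set");
            return 2;
        }

        int failures = 0;
        foreach (string path in accounts)
        {
            try
            {
                ResetAndExpire(path, tempPassword);
                Console.WriteLine("reset: " + path);
            }
            catch (Exception ex)
            {
                // Invoke wraps the directory error, so report the inner exception.
                failures++;
                Console.Error.WriteLine("failed: " + path + ": " + (ex.InnerException ?? ex).Message);
            }
        }
        return failures == 0 ? 0 : 1;
    }
}
```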