I am trying to programmatically (using PowerShell) bind to an AD LDS (ADAM) directory and change a user's password.
I tried using this cmdlet:

    Set-ADAccountPassword -Identity $identity -Server 'localhost:389' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$password" -Force);

which works fine if I use it manually, but it does not work if done by the service, even though the service is running as the same user as when this is run manually. If anyone has any ideas why this would be, I would appreciate it.

    function JICSpwd {
        Param(
            [string]$username,
            [string]$password
        )
        if ($username -and $password) {
            # A non-numeric username is resolved to its ID number via getID (defined elsewhere).
            if ($username -notmatch '^\d+$') {
                $id_num = $(getID $username);
            } else {
                $id_num = $username;
            }
            try {
                if ($id_num) {
                    $identity = "CN=$id_num,OU=PortalUsers,CN=Portal,O=Jenzabar,C=US";
                    # -ErrorAction Stop turns non-terminating errors into exceptions so the catch block sees them.
                    Set-ADAccountPassword -Identity $identity -Server 'my.domain.edu:389' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$password" -Force) -ErrorAction Stop;
                    Write-Log -Message "Successfully updated JICS password ($id_num)";
                }
            } catch [Exception] {
                Write-Log -Message "Failed to update JICS password ($username)" -Level Warn;
                # Method calls and nested properties need $() to expand inside a double-quoted string.
                Write-Log -Message "---> $($_.Exception.GetType().FullName), $($_.Exception.Message)" -Level Warn;
            }
        }
    }
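
One way to record how the service context differs from the interactive one when the same reset is attempted, as an added example that is not part of the original post. The function name `Invoke-LdsPasswordResetDiag` and the log path are hypothetical; only `Set-ADAccountPassword` and its parameters come from the post.

```powershell
# Added example: hypothetical diagnostic helper, not the poster's code.
function Invoke-LdsPasswordResetDiag {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory)][string]$Identity,           # full DN of the AD LDS user
        [Parameter(Mandatory)][string]$Server,             # host:port of the AD LDS instance
        [Parameter(Mandatory)][securestring]$NewPassword,  # never written to the log
        [string]$LogPath = "$env:TEMP\lds-reset-diag.log"  # assumed log location
    )

    # Capture the security and host context the call actually runs under.
    $who = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $context = [ordered]@{
        Time               = (Get-Date).ToString('o')
        User               = $who.Name
        AuthenticationType = $who.AuthenticationType
        ImpersonationLevel = $who.ImpersonationLevel
        Interactive        = [Environment]::UserInteractive
        PSVersion          = $PSVersionTable.PSVersion.ToString()
        ADModuleAvailable  = [bool](Get-Module -ListAvailable -Name ActiveDirectory)
        Identity           = $Identity
        Server             = $Server
    }

    try {
        Import-Module ActiveDirectory -ErrorAction Stop
        Set-ADAccountPassword -Identity $Identity -Server $Server -Reset `
            -NewPassword $NewPassword -ErrorAction Stop
        $context.Result = 'Success'
    } catch {
        $context.Result = 'Failed'
        # Walk the inner-exception chain; the outer message alone is often too generic.
        $chain = @()
        for ($e = $_.Exception; $e; $e = $e.InnerException) {
            $chain += '{0}: {1}' -f $e.GetType().FullName, $e.Message
        }
        $context.Exceptions = $chain -join ' <- '
        $context.Position   = $_.InvocationInfo.PositionMessage
    }

    # One line per attempt, so a service run and a manual run can be compared directly.
    ($context.GetEnumerator() | ForEach-Object { '{0}={1}' -f $_.Key, $_.Value }) -join '; ' |
        Add-Content -Path $LogPath
    [pscustomobject]$context
}
```

Running it once from the console and once from the service, then comparing the two log lines, shows whether the account, authentication type, module availability or the exception itself is what differs.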