Tuesday, March 7, 2017

How to set/change Active Directory user password across domains using C# .NET?


I have been searching around for quite some time now how to set/change a password and revoke/restore a user but have yet to find a solution that actually works for me.

I am beginning to lean towards the fact that I am crossing domains as the problem, even though I can programmatically create/delete/update and even connect/disconnect users from groups.

Basically, I've tried the following ways:

DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, adUserName, adPassword);
account.Invoke("SetPassword", "Password1");
account.Properties["LockOutTime"].Value = 0;
account.CommitChanges();

And also

account.Invoke("SetPassword", new object[] { "Password1" }); 

They both ultimately throw the error "One or more input parameters are invalid\r\n"

I then have tried to use the .NET 3.5 approach using principal context.

using (var context = new PrincipalContext(ContextType.Domain, adHostname, myContainer, ContextOptions.SimpleBind, adUserName, adPassword))
{
    using (var user = UserPrincipal.FindByIdentity(context, account.Properties["sAMAccountName"].Value.ToString()))
    {
        user.SetPassword(password);
    }
}

This approach is also throwing the same error as above. If I switch some things around (I can't seem to remember all the combinations I've tried), it will sometimes throw a "Local error has occurred" COM Exception.

Any help is much appreciated.

1 Answer

Answer 1

See this article: https://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C#7

You'll notice in all the samples that we're binding directly to the directoryEntry and not specifying a server or credentials. If you do not want to use an impersonation class you can send credentials directly into the DirectoryEntry constructor. The impersonation class is helpful for those times when you want to use a static method and don't want to go through the trouble of creating a DirectoryContext object to hold these details. Likewise you may want to target a specific domain controller.

Target Specific Domain Controllers or Credentials

Everywhere in the code that you see LDAP:// you can replace with LDAP://MyDomainControllerNameOrIpAddress, and everywhere you see a DirectoryEntry class being constructed you can send in specific credentials as well. This is especially helpful if you need to work on an Active Directory for which your machine is not a member of its forest or domain, or you want to target a specific DC to make the changes on.

// Rename an object and specify the domain controller and credentials directly
public static void Rename(string server, string userName, string password, string objectDn, string newName)
{
    DirectoryEntry child = new DirectoryEntry("LDAP://" + server + "/" + objectDn, userName, password);
    child.Rename("CN=" + newName);
}
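As an added example (not code from the question, the answer, or the linked CodeProject article), here is a C# helper that applies the answer's advice to the password case: it binds to a named domain controller in the other domain with explicit credentials, and requests a Kerberos-authenticated, sealed bind so the SetPassword call has the encrypted channel it requires. The DC name, object DN and account names are placeholders, and the calling account is assumed to hold reset-password rights on the target object.

```csharp
using System;
using System.DirectoryServices;

public static class CrossDomainPasswordReset
{
    // Bind to a specific domain controller with explicit credentials.
    // Secure|Sealing authenticates with Kerberos and encrypts the LDAP traffic;
    // SetPassword needs an encrypted channel (Kerberos or LDAPS) and will not
    // work over a plain, unsealed simple bind. ServerBind tells ADSI that the
    // path names a server rather than a domain.
    public static DirectoryEntry BindToDc(string dc, string objectDn,
                                          string adminUser, string adminPassword)
    {
        return new DirectoryEntry(
            "LDAP://" + dc + "/" + objectDn,
            adminUser,
            adminPassword,
            AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind);
    }

    // Administrative reset (no old password needed), clear any lockout, and
    // optionally force the user to change the password at next logon.
    public static void ResetPassword(string dc, string objectDn, string adminUser,
                                     string adminPassword, string newPassword,
                                     bool mustChangeAtNextLogon)
    {
        using (DirectoryEntry user = BindToDc(dc, objectDn, adminUser, adminPassword))
        {
            // SetPassword is an ADSI method and takes effect immediately.
            user.Invoke("SetPassword", new object[] { newPassword });
            user.Properties["lockoutTime"].Value = 0;      // unlock the account
            if (mustChangeAtNextLogon)
                user.Properties["pwdLastSet"].Value = 0;   // expire the new password now
            user.CommitChanges();                          // write the attribute changes
        }
    }

    public static void Main()
    {
        // Placeholder values (hypothetical): a DC in the target domain, the DN of the
        // account to reset, and a delegated account from that domain with reset rights.
        ResetPassword("dc01.other.example",
                      "CN=jdoe,OU=Users,DC=other,DC=example",
                      "OTHER\\svc-pwreset", "<admin-password>", "<new-password>", true);
    }
}
```

Resets performed this way are recorded on the domain controller as Security event 4724 (an attempt was made to reset an account's password) attributed to the delegated account, which is worth monitoring wherever such a cross-domain reset account exists.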
