Setting "User Cannot Change Password" Flag from ASP.NET/C#

Discussion in 'ASP .Net' started by John Beard, Jun 15, 2004.

  1. John Beard

    John Beard Guest

    I downloaded the attached code from MS. It flips on the "User Cannot Change
    Password" on a user in AD and works great from a console or
    windows app, but when put into an ASP.NET app I get a "The security ID
    structure is invalid." error when trying to assign the new security
    descriptor. I am running in Windows Authentication mode with IIS set to
    Integrated security on an XP box.

    Does anyone have a work around for this?

    Thanks in advance.
    John

    (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/ma
    naging_user_passwords.asp)
    using System;
    using System.DirectoryServices;

    public class securitydescriptorclass
    {
    public const string PASSWORD_GUID =
    "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
    public const int ADS_UF_ACCOUNTDISABLE=2;
    public const int ADS_UF_PASSWORD_EXPIRED=0x800000;
    public const int
    ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION=0x1000000;

    public static void Main(string[] args)
    {
    DirectoryEntry ent = new DirectoryEntry();
    DirectoryEntry ou = ent.Children.Find("OU=Consulting");
    DirectoryEntry usr = ou.Children.Add("CN=Alice Sullivan","user");

    string[] trustees = new string[]{@"NT AUTHORITY\SELF","EVERYONE"};

    ActiveDs.IADsSecurityDescriptor sd =

    (ActiveDs.IADsSecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Valu
    e;
    ActiveDs.IADsAccessControlList acl =
    (ActiveDs.IADsAccessControlList)
    sd.DiscretionaryAcl;
    ActiveDs.IADsAccessControlEntry ace = new
    ActiveDs.AccessControlEntry();
    foreach(string trustee in trustees)
    {
    ace.Trustee = trustee;
    ace.AceFlags = 0;
    ace.AceType = (int)
    ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
    ace.Flags =
    (int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
    ace.ObjectType = PASSWORD_GUID;
    ace.AccessMask =
    (int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
    acl.AddAce(ace);
    }
    sd.DiscretionaryAcl = acl;
    usr.Properties["ntSecurityDescriptor"].Value = sd;
    usr.CommitChanges();
    }
    }
    John Beard, Jun 15, 2004
    #1
    1. Advertising

  2. John Beard

    thaya

    Joined:
    Sep 6, 2006
    Messages:
    1
    Hello

    I have the same probleam...do you have any idea how to fix it? It would be really help ful if you give me some hints

    thanks

    thaya
    thaya, Sep 6, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?RGVyZWsgTQ==?=

    attach flag to email msg from asp.net page

    =?Utf-8?B?RGVyZWsgTQ==?=, Oct 27, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    627
    =?Utf-8?B?RGVyZWsgTQ==?=
    Oct 27, 2004
  2. Homer
    Replies:
    1
    Views:
    383
    Knute Johnson
    Jul 16, 2007
  3. Moe Sisko
    Replies:
    1
    Views:
    724
    Flatulus
    Jan 2, 2008
  4. hisan
    Replies:
    1
    Views:
    1,312
    Dan Stromberg
    Jun 25, 2012
Loading...

Share This Page