"User cannot change pwd" and "Pwd never expire" by using Directory

T

Thauhtopa

I create a account by using the DirectorySerive and it is running:
---------------------------------------------------------
Dim ContainerEntry As DirectoryEntry
Dim UserEntry As DirectoryEntry
Dim ChildCollection As DirectoryEntries
ContainerEntry = New DirectoryEntry(LDAPPath)
ChildCollection = ContainerEntry.Children
UserEntry = ChildCollection.Add("CN=" & strFirstName + " " + strLastName,
"user")
UserEntry.Properties("samAccountName").Add(TextBoxNewAccountPre.Text)
UserEntry.CommitChanges()
----------------------------------------------------

In the next step you see the adding of some information, it is running:
----------------------------------------------------
UserEntry.Properties("samAccountName").Add(TextBoxNewAccountPre.Text)
UserEntry.Properties("userPrincipalName").Add(TextBoxNewAccount.Text
& ComboSuffix.Text)
UserEntry.NativeObject.LastName = TextBoxLastName.Text
UserEntry.NativeObject.DisplayName = TextBoxFirstName.Text + " " +
TextBoxLastName.Text
UserEntry.NativeObject.Description = TextBoxDescription.Text
UserEntry.NativeObject.physicaldeliveryofficename = "Acct creator: "
+ GetCurrentUserName()
UserEntry.NativeObject.EmployeeID = TextBoxEmployeeID.Text
----------------------------------------------------

In the next Step you see to set some constants and a call of a Sub
(The Values for the Constans you can find, her
http://msdn.microsoft.com/library/d...us/adschema/adschema/a_useraccountcontrol.asp):
----------------------------------------------------
Const ADS_UF_DONT_EXPIRE_PASSWD As Integer = &H10000
Const ADS_UF_PASSWD_CANT_CHANGE As Integer = &H40
SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE)
SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD)
-----------------------------------------------------

Now the last Steps, it is the sub to set the userAccountControl-value:
-----------------------------------------------------
Shared Sub SetAccountOptions(ByVal User As DirectoryEntry, ByRef
AccountOptions As Integer)
Dim val As Integer
val = Fix(User.Properties("userAccountControl").Value)
User.Properties("userAccountControl").Value = val Or AccountOptions
val = Fix(User.Properties("userAccountControl").Value)
User.CommitChanges()
End Sub 'SetAccountOptions
-----------------------------------------------------

The Result is:
The call SetAccountOptions(UserEntry, ADS_UF_DONT_EXPIRE_PASSWD) is running
perfect.

the call
SetAccountOptions(UserEntry, ADS_UF_PASSWD_CANT_CHANGE) is running but
NOTING HAPPENS

Now my question:
I need a solution to set the property "User Cannot Change Password" over the
DirectoryServices.

Help, please
Thauhtopa
 
J

Joe Kaplan \(MVP - ADSI\)

You don't set that option in LDAP with that flag. Both the lockout flag and
the user can't change password flag don't work for Active Directory.

To set "user can't change password", you need to modify the DACL for the
user's object. I don't know of a specific .NET sample, but there is a
script sample that you can adopt on the KB.

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

PasswordChange 0
Using Directory Services saves some settings and not others 0
Active Directory user creation with python-ldap 0
Using Directory Services saves some settings and not others 0
Change User attribute in Active Directory by web (vb.net) 2
problems creating a user in Active directory 1
Properly using directorysearcher to find a user in an AD Group 3
Using ASP.Net to Get User Information from AD 1

Members online

Total: 34 (members: 1, guests: 33)
Robots: 203

Forum statistics

Threads
473,763
Messages
2,569,563
Members
45,039
Latest member
CasimiraVa

Latest Threads

Top