Setting "User Cannot Change Password" Flag from ASP.NET/C#

J

John Beard

I downloaded the attached code from MS. It flips on the "User Cannot Change
Password" on a user in AD and works great from a console or
windows app, but when put into an ASP.NET app I get a "The security ID
structure is invalid." error when trying to assign the new security
descriptor. I am running in Windows Authentication mode with IIS set to
Integrated security on an XP box.

Does anyone have a work around for this?

Thanks in advance.
John

(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/ma
naging_user_passwords.asp)
using System;
using System.DirectoryServices;

public class securitydescriptorclass
{
public const string PASSWORD_GUID =
"{ab721a53-1e2f-11d0-9819-00aa0040529b}";
public const int ADS_UF_ACCOUNTDISABLE=2;
public const int ADS_UF_PASSWORD_EXPIRED=0x800000;
public const int
ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION=0x1000000;

public static void Main(string[] args)
{
DirectoryEntry ent = new DirectoryEntry();
DirectoryEntry ou = ent.Children.Find("OU=Consulting");
DirectoryEntry usr = ou.Children.Add("CN=Alice Sullivan","user");

string[] trustees = new string[]{@"NT AUTHORITY\SELF","EVERYONE"};

ActiveDs.IADsSecurityDescriptor sd =

(ActiveDs.IADsSecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Valu
e;
ActiveDs.IADsAccessControlList acl =
(ActiveDs.IADsAccessControlList)
sd.DiscretionaryAcl;
ActiveDs.IADsAccessControlEntry ace = new
ActiveDs.AccessControlEntry();
foreach(string trustee in trustees)
{
ace.Trustee = trustee;
ace.AceFlags = 0;
ace.AceType = (int)
ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
ace.Flags =
(int)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
ace.ObjectType = PASSWORD_GUID;
ace.AccessMask =
(int)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
acl.AddAce(ace);
}
sd.DiscretionaryAcl = acl;
usr.Properties["ntSecurityDescriptor"].Value = sd;
usr.CommitChanges();
}
}
 
Joined
Sep 6, 2006
Messages
1
Reaction score
0
Hello

I have the same probleam...do you have any idea how to fix it? It would be really help ful if you give me some hints

thanks

thaya
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,228
Members
46,818
Latest member
SapanaCarpetStudio

Latest Threads

Top