.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Problem with ChangePassword in Active Directory

Posted By:      Posted Date: September 07, 2010    Points: 0   Category :.NET Framework
Hi, i'm having a problem trying to change the password in AD. I'm developing using c# 3.5. This is my code (i have omitted some lines for brevity): String server = txtServer.Text; String container = String.IsNullOrEmpty(txtContainer.Text) ? null : txtContainer.Text; String login = txtUser.Text; String password = txtPassword.Text; String userToManage = txtUserToManage.Text; String oldPassword = txtOldPassword.Text; String newPassword = txtNewPassword.Text; using (PrincipalContext context = new PrincipalContext(ContextType.Domain, server, container, login, password)) { using (UserPrincipal user = UserPrincipal.FindByIdentity(context, userToManage)) { if (user == null) return; if (user != null) { user.ChangePassword(oldPassword, newPassword); user.Save(context); } } } If i run this code on a computer in our Domain, all is fine. But if i run the code on our customer's computer, i receive this error: Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied (exception from HRESULT: 0x80070547) The only way to make the code run correctly is to run our program under a user with more privileges then a normal user. That is, if the user logged on the computer is a normal user, our customer receives the error. But if he uses a more "powerfull" user to

View Complete Post

More Related Resource Links

Problem With space When updating password of active directory users from asp.net


Hello Friend's

From long time i am facing problem with Reseting password of users of active directory from asp.net.

The coding is work fine when there are no space in username but it's cause a problem when there are space in username.


usernametochange = "Ketan Patel";
                       ds.Filter = "(&(objectClass=user)(sAMAccountName=(" + usernametochange + ")))";
                       ds.PageSize = 100;

                       SearchResult account = ds.FindOne();
                       DirectoryEntry user = account.GetDirectoryEntry();
                       object[] oPassword = new object[] { "krtya#123" };

                           object ret = user.Invoke("SetPassword", oPassword);

if you have any idea about it please help me.

Thank you.....

Problem Import Pictures into User Profiles from Active Directory


I have problems with getting the pictures from Active Directory (Field "thumbnail Photo") into my Sharepoint User Profile Store and displaying it in the MySites.

Profile Synchronization is working fine, the field Picture is mapped to thumbnailPhoto.

Then for finishing the process I execute the following powershell command: 

Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation "http://mysite.vz.ch/my"

I execute this command under the user context from the account which has all the necessary AD-Rights. I do this with "start-job -Credentials $cred -ScriptBlock $sb" where -Credentials for the AD Sync Account and $sb for the above Powershell Script (Update-SPProfile....).

For this I had to give rights to the sync account on the user profile service application (administrator and permission button, I know). Also I had to give "db-owner"rights on the Configuration Database and also on the MySite Database for this sync account. I found this out via ULSLogViewer.

Now it is working as far that the scripts enumerates all user profiles and tries to process the images. But in ULSLogViewer I have the following error message:

"Error processing the photo URL User Photos/Profile Pictures/0c37852b-34d0-418e-91c6-2ac25af4be5b_652.jpg for user ZH01\BEr: System.U

How to set SearchRoot Path in Active Directory in this scenario


How to set SearchRoot Path in Active Directory in this scenario:

Functionality: We have scenario that 1<sup>st</sup> hit one LDAP server with some 'fixed user name' &' fixed password ' and filter data with specific User name(which given by user) getting 'User dn'.

After that we hit Next LDAP server based on the 'User dn' getting from 1<sup>st</sup> server.

(So, in my case 1<sup>st</sup> LDAP server works like as Load balancing server but functionalitywise it is different)


active directory exception unusual behaviour


i have a small problem
i want user names from active directory for an auto completer type of service
the method is always throwing an exception 
"searcher.FindAll()' threw an exception of type 'System.DirectoryServices.DirectoryServicesCOMException' System.DirectoryServices.SearchResultCollection 

Active Directory and .NET: paging the search result

Hi everybody!

I have a question about Active Directory in .NET
For my project I need to fetch results from Active Directory search page by page, because later I would need to bind it to the pageable DataGrid.

I tried to use .NET library DirectoryServices for that, but paging provided by this library is transparent to the user and is used only to increase the efficiency of searching, when results are too big. I.e. I cannot tell the DirectorySearcher to give me first page, then the next or previous page, it returns me all resulting pages in one bundle.

However, what I need is to explicitely get page after page directly from the AD searcher and to be able to go at least one page forward or backward.

The solution with copying all results to the DataBase and then do the paging is not accepeted by the clent, since it is too inefficient. And since it's a Web app, I cannot keep results in memory either.

I found some hints about COM Interface, but I could not find good and detailed examples or explanations. I aslo found this line of code: DirectoryServices.Interop.IDirectorySearch.ExecuteSearch(), but I don't know which libraries should i add to be able to compile this code.

If somebody could help me out with that problem, any suggestion is welcome, 'cause this issue is eating me alive :)

Thank you!

Error on Display user's fullname using Active Directory in asp.net using vb.net



wi As System.Security.Principal.WindowsIdentity =  _System.Security.Principal.WindowsIdentity.GetCurrent()



Dim a As String() = HttpContext.Current.User.

Getting list of users reporting from specific Manager from Active Directory


Dear All,

I am have requirement like displaying all the user information reporting to specific manager from Active Directory.

Please help me regarding this.



List Users from Active Directory


When i try to List the users from Active directory, i get this exception.

Error while processing.System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindAll()

The code i used is :

DirectoryEntry de = new DirectoryEntry(_path);DirectorySearcher deSearch = new DirectorySearcher();

deSearch.SearchRoot =de;

deSearch.Filter = "(&(objectClass=user) (cn=" + UserName +"))";

SearchResultCollection results = deSearch.FindAll();

 But the DirectoyEntry method is getting validated if i use the overloaded method : DirectoryEntry(_path, domainAndUsername, password);

Please advice me.

AD FS 2.0 in Identity Solutions: Using Active Directory Federation Services 2.0 in Identity Solution


This article explains how you can use Active Directory Federation Services (AD FS) 2.0 to claims-enable Windows Communication Foundation (WCF) services and browser-based applications. The focus is on the token issuance functionality in AD FS 2.0. You'll find out how to use AD FS 2.0 as an identity provider; set up an AD FS 2.0 security token service (STS) to interact with WCF; federate AD FS 2.0 with your custom STS or another AD FS 2.0; enable Web single sign-on and federation with WS-Federation and SAML 2.0 protocols; and externalize authentication logic through Visual Studio. You'll come away appreciating how AD FS 2.0 and Windows Identity Foundation make programming identity solutions in Windows less of a chore.

Zulfiqar Ahmed

MSDN Magazine November 2009

Security Briefs: Active Directory Cache Dependencies


If you're not taking advantage of Active Directory, you should be. Learn the benefits from Keith Brown.

Keith Brown

MSDN Magazine July 2007

Single Sign-On: A Developer's Introduction To Active Directory Federation Services


Use Active Directory Federation Services to allow other organizations to use your Web applications without the need for you to grant access explicitly.

Keith Brown

MSDN Magazine November 2006

Got Directory Services?: New Ways to Manage Active Directory using the .NET Framework 2.0


System.DirectoryServices is a managed code layer on top of Active Directory Service Interfaces, and you can employ it to better manage Active Directory from your code. Here Ethan Wilansky helps you get started.

Ethan Wilansky

MSDN Magazine December 2005

Active Directory and ASP.net VB




Real newbie question :-)


I currently get the current logged on user info from AD by using :

Label1.Text = Page.User.Identity.Name.ToString
However now I need to get the following :
Label2 = (this must show the current logged on user's email address)
Label3 = (this must show the current user's manager)

any help would be appreciated

Authentication With Active Directory AD Getting properties


Authentication with AD is just a call to the predefined function.. Surprised
you just need following references:Embarassed

using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.ActiveDirectory;

and one dll:
using UserAuthentication; //dll that you need to be download.. search for it from our god: googleWink


string adPath = "LDAP://" + System.Configuration.ConfigurationSettings.AppSettings["DefaultActiveDirectoryServer"];
ActiveDirectoryValidator adAuth = new ActiveDirectoryValidator(adPath);
if (adAuth.IsAuthenticated(domainName, userName, password))
//user is authenticated with the given username and password<br/></div></div><div class=

Domain & Active Directory


Scenario 1:

Site user visits http://intranet/ , authenticates using intranet\username as username using proper password. Everything works fine.

Scenario 2:

Site user visits http://somedomain.com (that is forwarded to IP address of "intranet") , sharepoint opens, authenticates sometimes but sometimes it wont. Even if it authenticates user , some actions (edit an item) pops up authentication dialog box and fails to authenticate further even with correct credentials.


Do I need to add somedomain.com to Domain Controller of "Intranet"?  It is running 2k3 windows, IIS, Domain controller, sharepoint WSS 3.0 server (Internal).



Please advice,


Directory structure problem



         I m sure this question has been asked before. I have a web application hosted under http://localhost/abc. which is mapped to c:\inetput\wwwroot\abc folder. I have APP_Code, App_LocalResources, BIN and other folders under abc folder. Everything is great. Now I want to create another application or sub application http://localhost/def. Both abc and def apps need to use some common classes and resources. Whats the best way to do it. I dont need to create a separate application for def. All i want is the url http://localhost/def.





Function retrieving users by country against (Active Directory) LDAP

Hello I've got such openquery SELECT * FROM Openquery(ADSI, 'SELECT EmployeeID, displayname, mailAddress, country FROM '' LDAP://MY-LDAP-PATH '' WHERE country=''coutry_code' '   ') country_code is 3 letters i think sth in format like USA, FRA etc I will need to retrieve users from up to 3 countries let say and i would like to create from this query above a stored procedure (or better a FUNCTION)  where someone calling a function can specify from which country does he/she wants to terieve users - when none country specified a function should retrieve users from all 3 let say. I'm not very advanced in programming in T-SQL yet so my question is -> can the variable be specified inside Openquery ? like for example SELECT * FROM Openquery(ADSI, 'SELECT EmployeeID, displayname, mailAddress, country FROM '' LDAP://MY-LDAP-PATH '' WHERE country=''@country' '   ') ACTIVE DIRECTORY HAS LIMITION OF RETRIEVING 1000 RECORDS AT ONCE - BUT NONE OF THESE COUNTRIES HAVE MORE THAN COUPLE HUNDREDS HOVWEVER summing them in one query this number of course will exceed 1000 recoreds so queries i think should be splitted and joined with union ??? Can anyone provide some example code of such function  The other problem i have is that openquery againt ADSI  above works correctly when i use SSMS localy on the server (connectin
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend