Setting User Passwords with Active Directory Lightweight Directory Services
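To set the password for an AD LDS user, set the authentication flags for a non-secure (LDAP port) or secure (SSL port) connection, bind to the user, set the port number and the password method, and then set the password. The examples below use the non-SSL variant: they bind with signing and sealing and select ADS_PASSWORD_ENCODE_CLEAR, so the confidentiality of the password on the wire depends on sealing being in effect for the bind. Where the instance has an SSL certificate, use the SSL port with ADS_USE_SSL and ADS_PASSWORD_ENCODE_REQUIRE_SSL instead.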
The following Visual Basic Scripting Edition code example uses the GetObject function to connect to the LDAP provider, uses the OpenDSObject method to bind to an AD LDS user, uses the SetOption method to set the port number and method, and sets the password with the SetPassword method.
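' Set Password of User.
'
' Binds to an AD LDS user over the plain LDAP port with signing and sealing,
' configures the ADSI password port and method, and sets a password that the
' operator types at run time (no credential is stored in the script).
Option Explicit

Const ADS_SECURE_AUTHENTICATION = 1
Const ADS_USE_SSL = 2
Const ADS_USE_SIGNING = 64
Const ADS_USE_SEALING = 128
Const ADS_OPTION_PASSWORD_PORTNUMBER = 6
Const ADS_OPTION_PASSWORD_METHOD = 7
Const ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0
Const ADS_PASSWORD_ENCODE_CLEAR = 1

Dim intPort     ' Port for instance.
Dim lngAuth     ' Authentication flags.
Dim lngErr      ' Error number captured from the password operations.
Dim objLDAP     ' LDAP provider object.
Dim objUser     ' User object.
Dim strPassword ' New password, entered by the operator.
Dim strPath     ' Binding path.
Dim strPort     ' Port for instance.
Dim strServer   ' DNS name of the computer with the AD LDS installation.
Dim strUser     ' User DN.

' Create LDAP provider.
Set objLDAP = GetObject("LDAP:")

' Construct the binding string.
strServer = "localhost"
strPort = "389"
intPort = CInt(strPort)
strUser = "CN=TestUser,O=Fabrikam,C=US"
strPath = "LDAP://" & strServer & ":" & strPort & "/" & strUser
WScript.Echo "Bind to: " & strPath

' Set authentication flags.
' For non-secure connection, use LDAP port and
'   ADS_USE_SIGNING | ADS_USE_SEALING | ADS_SECURE_AUTHENTICATION
' For secure connection, use SSL port and
'   ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
' Sealing is what encrypts the traffic on the non-SSL port, so do not
' drop it from the flags while ADS_PASSWORD_ENCODE_CLEAR is in use.
lngAuth = ADS_USE_SIGNING Or ADS_USE_SEALING Or _
          ADS_SECURE_AUTHENTICATION

' Bind to user object using LDAP port.
' Null user name and password with ADS_SECURE_AUTHENTICATION bind as the
' account that runs the script.
Set objUser = objLDAP.OpenDsObject(strPath, _
                                   vbNullString, vbNullString, _
                                   lngAuth)

' Ask for the new password instead of keeping it in the script file.
' InputBox shows the characters as they are typed, so run this where the
' screen is not shared. An empty result means Cancel or no input.
strPassword = InputBox("New password for " & strUser, "Set AD LDS password")
If Len(strPassword) = 0 Then
    WScript.Echo "Error: No password entered; nothing was changed."
    WScript.Quit 1
End If

' Set the password for the user.
' Each step runs only if the previous one succeeded, so the password is
' never sent with a port or method that failed to apply.
On Error Resume Next
objUser.SetOption ADS_OPTION_PASSWORD_PORTNUMBER, intPort
If Err.Number = 0 Then
    ' ADS_PASSWORD_ENCODE_CLEAR does not require SSL for the password
    ' operation; ADS_PASSWORD_ENCODE_REQUIRE_SSL is the SSL-port choice.
    objUser.SetOption ADS_OPTION_PASSWORD_METHOD, _
                      ADS_PASSWORD_ENCODE_CLEAR
End If
If Err.Number = 0 Then
    objUser.SetPassword strPassword
End If
lngErr = Err.Number
' Restore normal error handling so later failures are not hidden.
On Error GoTo 0

If lngErr <> 0 Then
    WScript.Echo "Error: Set password failed with error " _
        & Hex(lngErr)
Else
    WScript.Echo "Success: Password set for user"
    WScript.Echo " " & objUser.ADsPath
End If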
The following Visual Basic .NET code example uses the DirectoryEntry constructor to connect to the LDAP provider and bind to an AD LDS user, and uses the Invoke method to set the port number, method, and password.
Imports System
Imports System.DirectoryServices
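Namespace ADAM_Examples
    Class SetPassword
        ''' <summary>
        ''' Set Password of User.
        ''' </summary>
        ''' <remarks>
        ''' Binds to an AD LDS user over the plain LDAP port with signing and
        ''' sealing, configures the ADSI password port and method, and sets a
        ''' password read from the console, so that no credential is stored
        ''' in the source file.
        ''' </remarks>
        <STAThread()> Shared Sub Main()
            Const ADS_OPTION_PASSWORD_PORTNUMBER As Long = 6
            Const ADS_OPTION_PASSWORD_METHOD As Long = 7
            ' Not used below; this is the method to select together with
            ' the SSL port and AuthenticationTypes.SecureSocketsLayer.
            Const ADS_PASSWORD_ENCODE_REQUIRE_SSL As Integer = 0
            Const ADS_PASSWORD_ENCODE_CLEAR As Integer = 1

            Dim AuthTypes As AuthenticationTypes ' Authentication flags.
            Dim intPort As Integer               ' Port for instance.
            Dim strPassword As String            ' New password, typed by the operator.
            Dim strPath As String                ' Binding path.
            Dim strPort As String                ' Port for instance.
            Dim strServer As String              ' DNS Name of the computer with
                                                 ' the AD LDS installation.
            Dim strUser As String                ' User DN.

            ' Construct the binding string.
            strServer = "localhost"
            strPort = "389"
            strUser = "CN=TestUser,O=Fabrikam,C=US"
            strPath = String.Concat("LDAP://", _
                strServer, ":", strPort, _
                "/", strUser)
            Console.WriteLine("Bind to: {0}", strPath)

            ' Set the authentication flags.
            ' For non-secure connection, use LDAP port and
            '   ADS_USE_SIGNING |
            '   ADS_USE_SEALING |
            '   ADS_SECURE_AUTHENTICATION
            ' For secure connection, use SSL port and
            '   ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
            ' Sealing is what encrypts the traffic on the non-SSL port, so do
            ' not drop it while ADS_PASSWORD_ENCODE_CLEAR is in use.
            AuthTypes = AuthenticationTypes.Signing Or _
                AuthenticationTypes.Sealing Or _
                AuthenticationTypes.Secure

            ' Bind to user object using LDAP port. Using releases the
            ' underlying directory object on every exit path.
            Using objUser As New DirectoryEntry( _
                strPath, Nothing, Nothing, AuthTypes)

                Try
                    ' RefreshCache forces the bind, so connection and
                    ' credential problems surface here.
                    objUser.RefreshCache()
                Catch e As Exception
                    Console.WriteLine("Error: Bind failed.")
                    Console.WriteLine(" {0}.", e.Message)
                    Return
                End Try

                ' Read the new password from the console instead of
                ' keeping it in code.
                Console.Write("New password for {0}: ", strUser)
                strPassword = ReadPassword()
                If strPassword.Length = 0 Then
                    Console.WriteLine("Error: No password entered; nothing was changed.")
                    Return
                End If

                ' Set port number, method, and password.
                intPort = Int32.Parse(strPort)
                Try
                    objUser.Invoke("SetOption", _
                        New Object() {ADS_OPTION_PASSWORD_PORTNUMBER, intPort})
                    ' ADS_PASSWORD_ENCODE_CLEAR does not require SSL for the
                    ' password operation.
                    objUser.Invoke("SetOption", _
                        New Object() {ADS_OPTION_PASSWORD_METHOD, _
                        ADS_PASSWORD_ENCODE_CLEAR})
                    objUser.Invoke("SetPassword", _
                        New Object() {strPassword})
                Catch e As Exception
                    ' Invoke may wrap the provider error in another
                    ' exception; report the inner message when there is one.
                    Dim detail As Exception = e
                    If e.InnerException IsNot Nothing Then
                        detail = e.InnerException
                    End If
                    Console.WriteLine("Error: Set password failed.")
                    Console.WriteLine(" {0}.", detail.Message)
                    Return
                End Try

                Console.WriteLine("Success: Password set.")
            End Using
        End Sub 'Main

        ''' <summary>
        ''' Reads one line from the console without echoing the characters.
        ''' </summary>
        ''' <returns>The typed text, or an empty string if nothing was entered.</returns>
        Private Shared Function ReadPassword() As String
            Dim typed As New System.Text.StringBuilder()
            Try
                Do
                    Dim key As ConsoleKeyInfo = Console.ReadKey(True)
                    If key.Key = ConsoleKey.Enter Then
                        Exit Do
                    End If
                    If key.Key = ConsoleKey.Backspace Then
                        If typed.Length > 0 Then
                            typed.Length -= 1
                        End If
                    ElseIf Not Char.IsControl(key.KeyChar) Then
                        typed.Append(key.KeyChar)
                    End If
                Loop
                Console.WriteLine()
            Catch ex As InvalidOperationException
                ' ReadKey is not available when input is redirected;
                ' fall back to reading a whole line.
                Dim line As String = Console.ReadLine()
                If line Is Nothing Then
                    Return String.Empty
                End If
                Return line
            End Try
            Return typed.ToString()
        End Function 'ReadPassword
    End Class 'SetPassword
End Namespace 'ADAM_Examples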
The following C# code example uses the DirectoryEntry constructor to connect to the LDAP provider and bind to an AD LDS user, and uses the Invoke method to set the port number, method, and password.
using System;
using System.DirectoryServices;
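namespace ADAM_Examples
{
    class SetPassword
    {
        /// <summary>
        /// Set Password of User.
        /// </summary>
        /// <remarks>
        /// Binds to an AD LDS user over the plain LDAP port with signing and
        /// sealing, configures the ADSI password port and method, and sets a
        /// password read from the console, so that no credential is stored
        /// in the source file.
        /// </remarks>
        [STAThread]
        static void Main()
        {
            const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
            const long ADS_OPTION_PASSWORD_METHOD = 7;
            // Not used below; this is the method to select together with
            // the SSL port and AuthenticationTypes.SecureSocketsLayer.
            const int ADS_PASSWORD_ENCODE_REQUIRE_SSL = 0;
            const int ADS_PASSWORD_ENCODE_CLEAR = 1;

            AuthenticationTypes AuthTypes;  // Authentication flags.
            int intPort;                    // Port for instance.
            string strPassword;             // New password, typed by the operator.
            string strPath;                 // Binding path.
            string strPort;                 // Port for instance.
            string strServer;               // DNS name of the computer with
                                            // the AD LDS installation.
            string strUser;                 // User DN.

            // Construct the binding string.
            strServer = "localhost";
            strPort = "389";
            strUser = "CN=TestUser,O=Fabrikam,C=US";
            strPath = String.Concat("LDAP://", strServer,
                ":", strPort, "/", strUser);
            Console.WriteLine("Bind to: {0}", strPath);

            // Set authentication flags.
            // For non-secure connection, use LDAP port and
            //   ADS_USE_SIGNING |
            //   ADS_USE_SEALING |
            //   ADS_SECURE_AUTHENTICATION
            // For secure connection, use SSL port and
            //   ADS_USE_SSL | ADS_SECURE_AUTHENTICATION
            // Sealing is what encrypts the traffic on the non-SSL port, so do
            // not drop it while ADS_PASSWORD_ENCODE_CLEAR is in use.
            AuthTypes = AuthenticationTypes.Signing |
                AuthenticationTypes.Sealing |
                AuthenticationTypes.Secure;

            // Bind to user object using LDAP port. The using statement
            // releases the underlying directory object on every exit path.
            using (DirectoryEntry objUser = new DirectoryEntry(
                strPath, null, null, AuthTypes))
            {
                try
                {
                    // RefreshCache forces the bind, so connection and
                    // credential problems surface here.
                    objUser.RefreshCache();
                }
                catch (Exception e)
                {
                    Console.WriteLine("Error: Bind failed.");
                    Console.WriteLine(" {0}.", e.Message);
                    return;
                }

                // Read the new password from the console instead of
                // keeping it in code.
                Console.Write("New password for {0}: ", strUser);
                strPassword = ReadPassword();
                if (strPassword.Length == 0)
                {
                    Console.WriteLine("Error: No password entered; nothing was changed.");
                    return;
                }

                // Set port number, method, and password.
                intPort = Int32.Parse(strPort);
                try
                {
                    objUser.Invoke("SetOption", new object[]
                        {ADS_OPTION_PASSWORD_PORTNUMBER, intPort});
                    // ADS_PASSWORD_ENCODE_CLEAR does not require SSL for the
                    // password operation.
                    objUser.Invoke("SetOption", new object[]
                        {ADS_OPTION_PASSWORD_METHOD,
                         ADS_PASSWORD_ENCODE_CLEAR});
                    objUser.Invoke("SetPassword", new object[]
                        {strPassword});
                }
                catch (Exception e)
                {
                    // Invoke may wrap the provider error in another
                    // exception; report the inner message when there is one.
                    Exception detail = e.InnerException ?? e;
                    Console.WriteLine("Error: Set password failed.");
                    Console.WriteLine(" {0}.", detail.Message);
                    return;
                }

                Console.WriteLine("Success: Password set.");
            }
        }

        /// <summary>
        /// Reads one line from the console without echoing the characters.
        /// </summary>
        /// <returns>The typed text, or an empty string if nothing was entered.</returns>
        private static string ReadPassword()
        {
            System.Text.StringBuilder typed = new System.Text.StringBuilder();
            try
            {
                while (true)
                {
                    ConsoleKeyInfo key = Console.ReadKey(true);
                    if (key.Key == ConsoleKey.Enter)
                    {
                        break;
                    }
                    if (key.Key == ConsoleKey.Backspace)
                    {
                        if (typed.Length > 0)
                        {
                            typed.Length--;
                        }
                    }
                    else if (!Char.IsControl(key.KeyChar))
                    {
                        typed.Append(key.KeyChar);
                    }
                }
                Console.WriteLine();
            }
            catch (InvalidOperationException)
            {
                // ReadKey is not available when input is redirected;
                // fall back to reading a whole line.
                return Console.ReadLine() ?? String.Empty;
            }
            return typed.ToString();
        }
    }
}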