Reading User Cannot Change Password (WinNT Provider)
The ability of a user to change their own password is a permission that can be granted or denied. To determine if the user has been granted this permission with the WinNT provider, read the ADS_UF_PASSWD_CANT_CHANGE flag of the userFlags property of the user object. The ADS_UF_PASSWD_CANT_CHANGE flag is defined in the ADS_USER_FLAG_ENUM enumeration.
Example Code
The following code example shows how to obtain the ADS_UF_PASSWD_CANT_CHANGE flag of the userFlags property of a user object.
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Function UserCannotChangePassword(strDomain As String, strUser As String, strUserCred As String, strPassword As String) As Boolean
UserCannotChangePassword = False
Dim oUser As IADs
strPath = "WinNT://" + strDomain + "/" + strUser
If "" <> strUserCred Then
Dim dso As IADsOpenDSObject
' Bind to the group with the specified user name and password.
Set dso = GetObject("WinNT:")
Set oUser = dso.OpenDSObject(strPath, strUserCred, strPassword, 1)
Else
' Bind to the group with the current credentials.
Set oUser = GetObject(strPath)
End If
If (oUser.Get("userFlags") And ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
UserCannotChangePassword = True
Else
UserCannotChangePassword = False
End If
End Function
The following code example shows how to obtain the ADS_UF_PASSWD_CANT_CHANGE flag of the userFlags property of a user object.
//***************************************************************************
//
// UserCannotChangePassword()
//
//***************************************************************************
HRESULT UserCannotChangePassword(LPCWSTR pwszDomain,
LPCWSTR pwszUser,
LPCWSTR pwszUserCred,
LPCWSTR pwszPassword,
BOOL *pfCannotChangePassword)
{
if(NULL == pwszDomain || NULL == pwszUser)
{
return E_INVALIDARG;
}
*pfCannotChangePassword = FALSE;
HRESULT hr;
IADs *pads;
CComBSTR sbstrADsPath = L"WinNT://";
sbstrADsPath += pwszDomain;
sbstrADsPath += "/";
sbstrADsPath += pwszUser;
hr = ADsOpenObject( sbstrADsPath,
pwszUserCred,
pwszPassword,
ADS_SECURE_AUTHENTICATION,
IID_IADs,
(void**)&pads);
if(SUCCEEDED(hr))
{
CComVariant svar;
hr = pads->Get(CComBSTR("userFlags"), &svar);
if(SUCCEEDED(hr))
{
if(ADS_UF_PASSWD_CANT_CHANGE & svar.lVal)
{
*pfCannotChangePassword = TRUE;
}
else
{
*pfCannotChangePassword = FALSE;
}
}
pads->Release();
}
return hr;
}