ChangePassword Method of the MIIS_CSObject Class
The ChangePassword method changes the password on a connector space object to a new password. This method requires that password synchronization be enabled for the management agent. To use this method, the value used for the OldPassword parameter must match the stored password.
Syntax
string ChangePassword(
[in] string OldPassword,
[in] string NewPassword
);
Parameters
OldPassword [in]
Contains the old password. This value must match the stored password.NewPassword [in]
Contains the new password.
Return Value
Returns a string that contains the results of the method. The return value can be one of the following values or one of the values listed in the WMI Provider Return Strings topic.
| Return code | Description |
|---|---|
success |
The call was successful and the password was changed to the NewPassword parameter. |
bad-password |
The specified OldPassword parameter does not match the password for the account. Verify that you are using the correct password for this parameter. |
ma-credentials-failure |
The management agent was unable to log on to the connected directory with the stored credentials. Verify that the management agent credentials are correct. For more information, see Connect to an Active Directory Forest in the Microsoft Identity Integration Server 2003 Help. |
ma-encryption-not-enabled |
The management agent did not set the password because 128-bit encryption has not been configured on the connection used by the management agent to communicate with the connected directory. Enable this encryption on your network. |
ma-feature-not-supported |
The management agent does not support password changes. |
ma-object-type-not-supported |
The management agent does not support password changes on this object type. |
new-password-violate-policy |
The specified NewPassword parameter does not comply with the password policy set by the administrator. Verify that the NewPassword parameter complies with the password policy set by the administrator. |
new-password-ill-formed |
The specified NewPassword parameter cannot be used as a password because the parameter contains characters that cannot be entered from a keyboard. Verify that the NewPassword parameter contains only characters that can be entered from a keyboard. |
object-newly-provisioned |
The object has been provisioned as a new object but the object has not been created in the connected directory. You cannot perform password operations until the object has been exported to the connected directory. |
object-not-found |
The object has been deleted from the server. |
password-sync-disabled |
The password synchronization setting for the specified management agent is not enabled. Enable password synchronization for the specified management agent. |
partition-not-configured |
The specified object is in a partition that has not yet been configured. Configure the partition with the Identity Manager. For more information, see Configure directory partitions in the Microsoft Identity Integration Server 2003 Help. |
server-down |
The Microsoft Identity Integration Server 2003 server could not connect to the server containing the partition for the object. Verify that the server containing the partition is running and connected to the network. |
time-difference-at-dc |
The new password cannot be set because the time indicated on the Microsoft Identity Integration server is greater than five minutes from the time indicated on the Active Directory server. By default, the time difference between servers must be less than or equal to five minutes. Synchronize the times between the servers. |
Remarks
This method works only with the following management agents:
- Management agent for Active Directory
- Management agent for Active Directory Application Mode (ADAM)
- Management agent for Active Directory global address list (GAL)
- Management agent for Windows NT 4.0
- Novell eDirectory
- IBM DS
When you call this method, an entry is written to the event log. The entry contains information about who made the request, the target of the request, and the status of the request.
Examples
The following example shows how you can use Visual Basic Script (VBScript) to change the password of all objects with a specified domain and User Principal Name.
Option Explicit
On Error Resume Next
Dim Service
Dim CsObjects
Dim CsObject
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set CsObjects = Service.ExecQuery("Select * from MIIS_CSObject where domain='main' and userPrincipalName='Jeff'")
For each CsObject in CsObjects
WScript.Echo "ChangePassword returns " & CsObject.ChangePassword("OldPassword", "NewPassword")
Next
Sub ErrorHandler (ErrorMessage)
WScript.Echo ErrorMessage
WScript.Quit(1)
End Sub
Requirements
| Product | ILM 2007 FP1 |
| MOF | Mmswmi.mof |
Send comments about this topic to Microsoft
Build date: 2/16/2009