Bewerken

Delen via


ActiveDirectoryMembershipProvider.ChangePassword Method

Definition

Changes the password for the specified user.

public:
 override bool ChangePassword(System::String ^ username, System::String ^ oldPassword, System::String ^ newPassword);
public override bool ChangePassword (string username, string oldPassword, string newPassword);
override this.ChangePassword : string * string * string -> bool
Public Overrides Function ChangePassword (username As String, oldPassword As String, newPassword As String) As Boolean

Parameters

username
String

The name of the user to update the password for.

oldPassword
String

The current password for the specified user.

newPassword
String

The new password for the specified user.

Returns

true if the password was updated successfully; otherwise, false.

Exceptions

username is empty, or exceeds the maximum length for the user name (usually 256 characters).

-or-

username contains commas.

-or-

The user name is mapped to the userPrincipalName attribute and the username parameter contains backslashes.

-or-

oldPassword or newPassword is a zero-length string.

-or-

oldPassword or newPassword exceeds the maximum password length (usually 128 characters).

-or-

newPassword is less than the minimum password size specified in the MinRequiredPasswordLength property

-or-

newPassword contains fewer than the number of non-alphabetic characters specified in the MinRequiredNonAlphanumericCharacters property.

-or-

newPassword fails validation by the regular expression defined in the PasswordStrengthRegularExpression property.

username is null.

-or-

oldPassword is null.

-or-

newPassword is null.

newPassword does not meet the complexity requirements defined by the Active Directory server.

A secure connection could not be made to an Active Directory Application Mode server.

An unhandled exception occurred.

Remarks

The ChangePassword method is used to update the user's password in the Active Directory data store. Regardless of the credentials that the ActiveDirectoryMembershipProvider instance is configured to use, the provider connects to the Active Directory server using the username and oldPassword parameters as the connection credentials.

If the EnablePasswordReset property is true, the user cannot change their password if the account was previously locked because the user made too many attempts to answer the password question. The user will need to wait the number of minutes specified in the PasswordAnswerAttemptLockoutDuration property before changing the password.

If the password change succeeds and the EnablePasswordReset property is true, then the user's bad password answer tracking counters are reset.

The provider finds the user instance to update by performing a subtree search for the user name starting at the search point specified in the connection string. See the ActiveDirectoryMembershipProvider class topic for more information about connection strings.

To change passwords on an Active Directory server the connectionProtection attribute must be set to SignAndSeal.

When using an ADAM server, the connectionProtection attribute can be set to None, but only if you explicitly configure the ADAM server to allow password change over unsecured connections.

Applies to

See also