Question Change LDAP Password

TheWired

I am creating a windows form app that will allow our IT admins to reset passwords on an old domain we only use sparingly. Throughout my searches I have come across multiple methods of scripting this, but each comes back with some type of error. My current code looks like:

VB.NET:
Private Sub ChangePassword(ByVal username As String, ByVal oldpw As String, ByVal newpw As String)

        Try
            Dim de As New DirectoryEntry()
            de.Path = "LDAP://<ip>/CN=Users;DC=microsoft.com"  ''information changed
            de.AuthenticationType = AuthenticationTypes.Secure

            Dim ret As Object = de.Invoke("SetPassword", newpw)
            de.CommitChanges()
            de.Close()
        Catch ex As Exception
            MsgBox("Error." & vbNewLine & ex.ToString())
        End Try

    End Sub

This results in a login failure due to an unknown username or password. When I added:

VB.NET:
de.Username = "microsoft\Bill"
de.Password = "Gates"

I get an error stating a referral was returned from the server. What it looks like is with the Username and Password set it is making the connection but my Invoke is failing (maybe?)?

Can anyone who has more experience with VB.net and AD/LDAP offer some assistance? Maybe even a clarification on what the "referral" error is referring to - pardon the pun.
 
A referral is when you connect to the LDAP server and your path to the actual object needs to be changed. For your examples above, the server name would be changed within the LDAP query to the actual server you're connecting to.

Simply add:
de.Options.Referral=ReferralChasingOption.All
to your sample code after setting the authentication type.
 
New code but doesn't work

I changed a few things as seen below:

VB.NET:
Private Sub ChangePassword(ByVal un As String, ByVal pw As String, ByVal npw As String)

        Try
            Dim de As New DirectoryEntry()
            de.Path = "LDAP://<ip>/ou=Information Techonology,ou=Building1,ou=State;dc=microsoft,dc=com"
            de.AuthenticationType = AuthenticationTypes.Secure
            de.Options.Referral = ReferralChasingOption.All
            de.Username = "cn=Bill"
            de.Password = "Gates"

            Dim ret As Object = de.Invoke("SetPassword", npw)
            de.CommitChanges()
            de.Close()
        Catch ex As Exception
            MsgBox("Error." & vbNewLine & ex.ToString())
        End Try

    End Sub

It still returns with an unknown username or bad password.
 
I can't even seem to get a simple Directory Search to connect properly.

VB.NET:
Private Sub ChangePassword(ByVal un As String, ByVal pw As String, ByVal npw As String)

        Try
            Dim de As New DirectoryEntry("LDAP://<ip>/ou=Information Techonology,ou=Building1,ou=State;dc=microsoft,dc=com")
            ''de.AuthenticationType = AuthenticationTypes.Secure
            de.AuthenticationType = AuthenticationTypes.None
            ''de.Options.Referral = ReferralChasingOption.All
            de.Username = "cn=Bill"
            de.Password = "Gates"

            Dim ds As New DirectorySearcher(de)
            Dim results As SearchResultCollection
            results = ds.FindAll()
            ''Dim ret As Object = de.Invoke("SetPassword", npw)
            ''de.CommitChanges()
            de.Close()
            MsgBox("Success")
        Catch ex As Exception
            MsgBox("Error." & vbNewLine & ex.ToString())
        End Try

    End Sub

It would seem there is an error with my LDAP path. I have seen the string represented 2 different ways.

VB.NET:
Dim de As New DirectoryEntry("LDAP://<ip>/ou=Information Techonology,ou=Building1,ou=State;dc=microsoft,dc=com")
Dim de As New DirectoryEntry("LDAP://<ip>/CN=Users;DC=microsoft.com")

Both come back with the same unknown username or bad password error. I tried changing the user from cn=Bill to Administrator/cn=Administrator and it still fails with the same error. Both users have admin rights so I don't understand why it would fail.
 
Can someone take a look at those LDAP paths and respond with some helpful solution? I think if I can lock those down that I might be able to continue with this app.
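
An added example, not code from any poster in this thread: a password reset that binds with a comma-separated distinguished name (each domain label as its own DC component), passes the admin account in DOMAIN\user or UPN form, and calls SetPassword on the user object found by sAMAccountName. The server, base DN, account names and the ResetPassword and EscapeFilterValue helpers are hypothetical.

```vbnet
Imports System.DirectoryServices

Module ResetPasswordExample
    ' Escape the characters RFC 4515 reserves in a search filter value, so a
    ' typed-in account name cannot change the meaning of the filter.
    Private Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New System.Text.StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' All parameters are hypothetical; constructed sample values:
    '   baseDn    = "OU=Building1,OU=State,DC=example,DC=com"
    '   adminUser = "EXAMPLE\resetadmin" or "resetadmin@example.com"
    Public Sub ResetPassword(ByVal server As String, ByVal baseDn As String,
                             ByVal adminUser As String, ByVal adminPw As String,
                             ByVal targetAccount As String, ByVal newPw As String)
        ' Secure negotiates Kerberos/NTLM; Sealing encrypts the session.
        Dim auth As AuthenticationTypes = AuthenticationTypes.Secure Or AuthenticationTypes.Sealing
        ' Bind to the search base with explicit credentials for the old domain.
        Using root As New DirectoryEntry("LDAP://" & server & "/" & baseDn, adminUser, adminPw, auth)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" &
                                  EscapeFilterValue(targetAccount) & "))"
                Dim hit As SearchResult = searcher.FindOne()
                If hit Is Nothing Then
                    Throw New ArgumentException("Account not found under " & baseDn)
                End If
                ' SetPassword is a method of the user object, so invoke it on the
                ' entry for the account itself, not on the OU or container.
                Using user As DirectoryEntry = hit.GetDirectoryEntry()
                    user.Invoke("SetPassword", New Object() {newPw})
                End Using
            End Using
        End Using
    End Sub
End Module
```

SetPassword takes effect on the directory immediately, so no CommitChanges call is needed after it.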
 