Question
I have a classic ASP application where I authenticate users via active directory as follows:
https://stackoverflow.com/questions/19385190
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussiansDomain = "@domain_name.abc"
sUserID = LCase(Request.Form("UserID"))
sPassword = Request.Form("Password")
On Error Resume Next
Set adObject = GetObject("WinNT:")
Set userObject = adObject.OpenDSObject("WinNT://domain_name.abc", sUserID & sDomain, sPassword, ADS_SECURE_AUTHENTICATION)
Select Case Err.Number
'-2147023565 disabled account
'-2147022989 password expired
'0 success
'Else some other error
End Select
The problem that just came up is that we changed our password expiration policy. Network passwords never expired (don't ask, small-ish company) but now they are set to expire every 120 days.
We turned on the group policy for this and anyone who left their PC on and tried logging into the intranet were denied with a generic error message because they need to change their password.
Now I can trap that error as shown above -2147022989 and display a message but for people traveling, they won't be able to change their password unless they VPN into their desktops which can be problematic for some lower-skilled users and executives.
I guess this is all a long-winded way of asking if there is anyway to facilitate an AD password change through classic ASP?
I can do the validation for password requirements via JavaScript I figure.
La solution
Got it.
Set objIADS = GetObject("WinNT:").OpenDSObject("WinNT://domain", "Administrator", sDomainPassword, ADS_SECURE_AUTHENTICATION)
Set objIADSUser = objIADS.GetObject("user", sUserID)
objIADSUser.ChangePassword sOldPassword, sNewPassword
'Alternatively: objIADSUser.SetPassword sNewPassword
objIADSUser.SetInfo
