Srihari wrote:
> I am working with Active Directory in C#. I want to reset the password
> and set the User must change the password at next logon. I did it.
> It working fine.
>
> But "Password Cannot change" is set when user is created,
> User must change the password at next logon is not working.
>
> So i want to uncheck the flag ""Password Cannot change". How to do it?
>
> Plaese tell me if anybody knows
>
I don't code in C#, but you need to modify the appropriate bit of the
userAccountControl attribute. You XOR the current value with the bit mask
ADS_UF_PASSWD_CANT_CHANGE to toggle the bit off. In VBScript
:
===========
' Bit mask for "Password cannot change"
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
' Bind to user object.
Set objUser = GetObject("LDAP://cn=Jim Smith,ou=Sales,dc=MyDomain,dc=com")
' Retrieve value of userAccountControl attribute.
lngFlag = objUser.userAccountControl
' Check if "Password cannot change" bit is set.
If (lngFlag AND ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
' Toggle the bit to turn it off.
lngFlag = lngFlag XOR ADS_UF_PASSWD_CANT_CHANGE
' Save changes.
objUser.SetInfo
End If
============
You AND the value of userAccountControl with the bit mask to test if it is
set. Any non-zero result means the bit is set. Zero means the bit is not
set. You OR the value of userAccountControl with the bit mask to set the
bit. You XOR userAccountControl with the bit mask to toggle the bit, which
is the only way to turn it off.
Note, there is also a bit of userAccountControl for "Don't expire password".
The bit mask is &H10000. Also, you can remove permissions for the user to
change their password. The code to restore these permissions is more
complex.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -
http://www.rlmueller.net
--
Similar Threads
Linear Mode
