Change Password SPS/WSS


How to provide self-serviced password management for SharePoint (WSS/SPS) with 0 lines of code

“Don’t reinvent the wheel.” This expression can always ring true when applied to devolpment. Unfortunately most developers have a tendency to over architect and over design their systems. In some instances we would rather re-write the functionality that has already been successfully written rather then take advantage of the existing code. There are a number of reasons to justify this sort of behavior. The most common one is to claim to have written the code from scratch. This post is about making the right decision when it comes to using the Built-in support for SharePoint self-served password management.

This spring I was at a client site assisting with a number of issues they were experiencing with their SharePoint implementation. One of the problems they ran into was self-serviced password management for Active Directory accounts of SharePoint users. Their customer support department had been receiving numerous calls asking to reset users expired passwords in order for them to log into the SharePoint Portal. Shouldn’t there be a better way to use a valuable resource such as customer service?

I have a two-step process on how I approach a solution to this kind of problem:

Turn to Google search for answers. I like to find as much information as possible about the subject matter.
Make a decision to:
Write everything from scratch based on the sample code found.
Utilize open-source code as is or with modification to help solve the issue.
When there is no free solution, turn to the product to purchase.
Running a Google search for “WebPart password change” returned a number of free WebParts to be downloaded that provide you with a desired functionality and even more. But if you remember the problem statement was clear that users were not able to login because their accounts expired. This means users will be denied access to the WebPart Page because the default page requires authentication to the site. The next step was to write custom ASP.NET application that access AD through DirectoryServices object model. I have to admit it was the worst object model I’ve ever had to work with. It had a number of memory leaks and was extremely hard for me to get up to speed.

So, after a day of frustrations with the DirectoryServices object model a colleague of mine, Don Kelly, suggested I look into the built-in solution for resetting expired passwords from Microsoft. He pointed me to this KB article “Using the Change Password feature with Outlook Web Access”. Of course I had to do more research to understand exactly what was applicable to my implementation and what was not. I ran across a number of forum posts and Microsoft KB articles on “IISADMPWD Virtual Directory”. Since WSS/SPS requires Windows 2003, I knew that the updated files were in the specified location and I didn’t have to install anything to make this solution work for me. The KB Article, “FIX: You experience various problems when you use the Password Change pages in IIS 6.0”, served as my guide to understanding all that was required to configure IISADMPWD Virtual Directory. By the way, this solution doesn’t require coding nor does it require installation of any kind.

The solution that I came up with solved the following issues:

In the case where the Active Directory accounts expired and the user were trying to log into the SharePoint (WSS/SPS) the user will now be redirected to a screen to change their password.
With the use of Content WebPart and IISADMPWD virtual directory to it will provide end- users of the WSS/SPS site with self-serviced password management solution

1. Find the folder [drive]\Windows\System32\Inetsrv\Iisadmpwd and register iispwchg.dll

Click Start, and then click Run.

In the Open box type the following, and then press ENTER:

regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll

2. Exclude IISADMPWD from WSS Managed path

1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central Administration.

2. On the Central Administration page, under Virtual Server Configuration, click Configure virtual server settings.

3. On the Virtual Server List page, select the virtual server you want to configure.

4. On the Virtual Server Settings page, under Virtual Server Management, click Define Managed Paths.

5. Under Included Paths or Excluded Paths, select the check box next to the path you want to remove, and then click Remove selected paths.

Or STSADM.EXE can be used to do the same thing as:

You can also remove an included or excluded path by using the command line. For example, to remove an exclusion for the site at http://server1/hrweb/webapp, you would use syntax like the following:

stsadm -o deletepath -url http://server1/hrweb/webapp

3. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled

1. Open command-line and Locate the C:\Inetpub\Adminscripts directory.

2. Type the following command, and then press ENTER:

cscript.exe adsutil.vbs set w3svc/passwordchangeflags 0

Note: 0 = This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.

4. Configure IISADMPWD virtual directory

When the Virtual Directory Creation Wizard starts, follow the instructions to create the virtual directory with the alias that is named “IISADMPWD.” Make sure that the path points to the Windows\System32\Inetsrv\Iisadmpwd directory. Make sure that both “Read” permissions and “Run Scripts (such as ASP)” permissions are selected

5. Creating Self-Serviced AD Password Management WebPart

Add Content Editor Web Part to the WebPart Page

Click on Modified Shared WebPart from WebPart Chrome menu then Source Editor and past URL that reflects your settings for example:
Change Password

That’s it! Congratulations, you just configured Self-Serviced Password Management WebPart with 0 lines of code. Of course this solution is not as elaborate as a custom written code but with the amount of time it takes to enable this functionality I think it is well worth the minimal effort.

Until next time, Maxim

How To Add a User to the Local System by Using Directory Services and Visual Basic .NET


How To Add a User to the Local System by Using Directory Services and Visual Basic .NET
View products that this article applies to.
Article ID : 306271
Last Review : July 15, 2004
Revision : 1.0
This article was previously published under Q306271
On This Page
SUMMARY
Requirements
Create the Sample
Code Explanation
Create a New Directory Entry
Add the Directory Entry to the Directory Tree
Set the Password and Description for the New User Account
Add the Account to a Group
Troubleshooting
REFERENCES
APPLIES TO

SUMMARY
This article describes how to use the DirectoryServices namespace to add a user to the local system and a group.

Back to the top

Requirements
• Microsoft Visual Basic .NET

Back to the top

Create the Sample
1. Open Microsoft Visual Studio .NET, and create a new Visual Basic Console Application project.
2. In Solution Explorer, right-click References, and then click Add Reference.
3. Add a reference to the System.DirectoryServices.dll assembly.
4. Replace the code in Module1.vb with the following code:Imports System.DirectoryServices
Module Module1

Sub Main()
Try
Dim AD As DirectoryEntry = _
New DirectoryEntry(“WinNT://” + Environment.MachineName + “,computer”)
Dim NewUser As DirectoryEntry = AD.Children.Add(“TestUser1”, “user”)
NewUser.Invoke(“SetPassword”, New Object() {“#12345Abc”})
NewUser.Invoke(“Put”, New Object() {“Description”, “Test User from .NET”})
NewUser.CommitChanges()
Dim grp As DirectoryEntry

grp = AD.Children.Find(“Guests”, “group”)
If grp.Name “” Then
grp.Invoke(“Add”, New Object() {NewUser.Path.ToString()})
End If
Console.WriteLine(“Account Created Successfully”)
Console.ReadLine()

Catch ex As Exception
Console.WriteLine(ex.Message)
Console.ReadLine()
End Try
End Sub

End Module

5. Compile and run the project.
6. Follow these steps on a Windows 2000-based computer to verify that the account was created and added to the Guest group:

a. From the Start menu, point to Programs, point to Administrative Tools, and then click Computer Management.
b. Click to expand the Local Users and Groups node. The new account should appear under the Users node, as well as under the node for the Guest group.
Follow these steps on a Windows XP-based computer to verify that the account was created and added to the Guest group:a. From the Start menu, click Control Panel.
b. Double-click User Accounts. The new user account should appear in the User Accounts dialog box.

7. Importantly, remove the newly created user account from the system after you finish testing.

Back to the top

Code Explanation
Create a New Directory Entry
When you create the directory entry in this sample, it is assumed that the system is running Microsoft Windows NT, Windows 2000, or Windows XP. Note that the string that is passed to the DirectoryEntry constructor begins with “WinNT://”. You can also run Directory Services on other third-party operating systems. Dim AD As DirectoryEntry = _
New DirectoryEntry(“WinNT://” + Environment.MachineName + “,computer”)

Add the Directory Entry to the Directory Tree
The following code adds a DirectoryEntry of type user with the value of TestUser1 to the Active Directory tree. Dim NewUser As DirectoryEntry = AD.Children.Add(“TestUser1”, “user”)

Set the Password and Description for the New User Account
The following code calls the Invoke method to invoke the SetPassword and Put methods of the DirectoryEntry object. This sets the password and assigns a description to the user account. This code also calls the CommitChanges method to save the changes. NewUser.Invoke(“SetPassword”, New Object() {“#12345Abc”})
NewUser.Invoke(“Put”, New Object() {“Description”, “Test User from .NET”})
NewUser.CommitChanges()

Add the Account to a Group
The first step to add the account to a group is to define a variable of type DirectoryEntry. Then you call the Find method of the Children member of the ActiveDirectory class to populate the variable. In this case, the Guest group is the target of the search. This code tests the value that the Find method returns to determine if the group has been found. If the group is found, the new user account is added to the group. Dim grp As DirectoryEntry
grp = AD.Children.Find(“Guests”, “group”)
If grp.Name “” Then
grp.Invoke(“Add”, New Object() {NewUser.Path.ToString()})
End If

Back to the top

Troubleshooting
The code in this article fails if you try to run the code without the sufficient privileges to create a user account. For the code to complete successfully, the currently logged on user must be a member of the Administrators group or have specific permissions that allow the user to create user accounts.

Back to the top

REFERENCES
For more information about the Active Directory Service Interfaces, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn.microsoft.com/library/en-us/netdir/adsi/active_directory_service_interfaces_adsi.asp (http://msdn.microsoft.com/library/en-us/netdir/adsi/active_directory_service_interfaces_adsi.asp)

Changing Windows 2000 Password in C#


Changing Windows 2000 Password in C#
by: narendra

Changing Windows 2000 Password in C#

by: narendra

Description: How to change your windows 2000 password through C# project.

It is very simple code you just follow the bellow code.

It is useful to change you Operating System password through c# project.
using System;
using System.DirectoryServices;
public class MyChangePasswordExample {
public static void Main(string[] args) {
DirectoryEntry myDirectoryEntry;

myDirectoryEntry = new
DirectoryEntry(@”WinNT://yourdirectoryserver/TheUsername,User”);

myDirectoryEntry.Invoke(“setPassword”, “NewPassword”);
myDirectoryEntry.CommitChanges();
}
}

c# will alow to change the your windows 2000 password using System.DirectoryServices name space

Enjoy with this project!

Try to change your Operating System password.