Im not very familiar with using Active Directory, having in the past just done reads etc.
Ive been asked to write either a win service or a script (preferably in c# .net) which will set the property revoke the users privilege to reset their user password if pwdLastSet - 0 (ie password expired) as they want them to set it indirectly through another app once expired.
Whilst the 'User cannot change their password' attribute is visible in the LDAP as a bit in the userAccountControl attribute this bit is read only. As I understand the privilege has to be set through modification of the users Access Control List (ACL).
Can this be done through a windows service? and could someone advise me on how to do this.
I hope someone can help and thankyou
Andy
Ive been asked to write either a win service or a script (preferably in c# .net) which will set the property revoke the users privilege to reset their user password if pwdLastSet - 0 (ie password expired) as they want them to set it indirectly through another app once expired.
Whilst the 'User cannot change their password' attribute is visible in the LDAP as a bit in the userAccountControl attribute this bit is read only. As I understand the privilege has to be set through modification of the users Access Control List (ACL).
Can this be done through a windows service? and could someone advise me on how to do this.
I hope someone can help and thankyou
Andy