Im not very familiar with using Active Directory, mainly a long time ago and just reading data from it to fill in forms etc.
Ive been asked to write either a win app/service or a script (preferably in c# .net) which will set the property revoke the users privilege to reset their user password if pwdLastSet - 0 (ie password expired) as they want them to set it indirectly through another app once expired.
Whilst the 'User cannot change their password' attribute is visible in the LDAP as a bit in the userAccountControl attribute this bit is read only. As I understand the privilege has to be set through modification of the users Access Control List (ACL). I'm not sure how I do this or make it correspond to the user related to the pwdLastSet=0 field
Can anyone advise whether this can be done, and is there any code available showing me how to do this
Thanks
Andy
Ive been asked to write either a win app/service or a script (preferably in c# .net) which will set the property revoke the users privilege to reset their user password if pwdLastSet - 0 (ie password expired) as they want them to set it indirectly through another app once expired.
Whilst the 'User cannot change their password' attribute is visible in the LDAP as a bit in the userAccountControl attribute this bit is read only. As I understand the privilege has to be set through modification of the users Access Control List (ACL). I'm not sure how I do this or make it correspond to the user related to the pwdLastSet=0 field
Can anyone advise whether this can be done, and is there any code available showing me how to do this
Thanks
Andy