C#更改广告密码的DirectoryServices [英] c# Change AD password Directoryservices
问题描述
我试着去得到下面的代码工作,问题是,有时它,有时它不。 $ B,当它失败了,它给出了错误0x800704F1系统无法联系域控制器来服务认证请求
我想说的失败时约90%$ B。
我试图把它加在contexttype这个可悲的是没有帮助的背后给它一个静态直流。
在它的作品总是一个管理员用户。但是我相信用户应该能够更改自己的密码。
中的错误引发了user.changepassword行
我希望其他人有一个好主意。
使用(VAR上下文=新PrincipalContext(ContextType.Domain))使用
{
(VAR用户= UserPrincipal.Current)
{
试
{
user.ChangePassword(txt_old.Text,txt_new.Text);
user.Save();
}
赶上(例外P)
{
如果(p.HResult.Equals(0x800708C5))//不按密码策略$足够安全b $ b {
MessageBox.Show(Volgens HET systeem是UW NIEUWE wachtwoord Niet的veilig genoeg,voldoet HET AAN全部艾森?,Niet的gelukt,MessageBoxButtons.OK,MessageBoxIcon.Warning);
的回报;
}
,否则如果(p.HResult.Equals(0x80070056))//错误当前密码
{
MessageBox.Show(U heeft EEN verkeerd huidig wachtwoord ingevult, probeer HET nogmaals,Verkeerd wachtwoord,MessageBoxButtons.OK,MessageBoxIcon.Warning);
的回报;
}
,否则如果(p.InnerException.ToString()。包含(0x80070775))//即暂时锁定。
{
MessageBox.Show(的Uw帐户tijdelijk vergrendeld门德veel pogingen TOT在TE loggen满足EEN foutief wachtwoord。Probeer HET超过楝接触运算的15minuten nogmaals会见德服务支持。,vergrendeld。 MessageBoxButtons.OK,MessageBoxIcon.Warning);
的回报;
}
,否则
{
MessageBox.Show(System.Security.Principal.WindowsIdentity.GetCurrent()。名称+ Environment.NewLine + p.HResult + Environment.NewLine + P 。信息);
的回报;
}
}
}
}
这两个Windows更新3177108和3167679已经改变的ChangePassword行为
看来,您现在拥有创建PrincipalContext时指定一个有效的UPN。
在你可以创建上下文时使用的IP为终点,现在看来它是一个正确的域名以及。
此外,你现在总是在发生错误时收到相同的例外 - 我们用来接收用户选择密码不足的密码策略例外,现在我们得到:
System.DirectoryServices.AccountManagement.PrincipalOperationException:
系统无法联系域控制器以服务于
认证请求。请稍后再试。 (异常来自
HRESULT:0x800704F1)
更新2016年4月10日:
上面显示的例外是真正的更新之后,调用的ChangePassword当公正的东西受到了广大/一般性错误。
例如如果一些参与协议被防火墙阻止的端口,你会得到这一个,以及(如适用,如果你从一台服务器/计算机不是加入域的调用)。
有关要求的端口良好的资源:的 https://technet.microsoft.com/en-us/library/dd772723(v = ws.10)的.aspx 的
注意,该动态范围是必需的,以及
如果用户不允许更改密码(域策略,通过设置必须更改在下次登录FLAG规避)也收到这个异常。
Im trying to get the following code to work, problem is, sometimes it does, sometimes it doesnt. when it fails it gives the error 0x800704F1 "the system cannot contact a domain controller to service the authentication request" I'd say about 90% of the time it fails. I have tried giving it a static DC by adding it behind the contexttype this sadly did not help. On an admin user it works always.. however i do believe users are supposed to be able to change their own password. The error is triggered on the user.changepassword line
I hope someone else has a bright idea.
using (var context = new PrincipalContext(ContextType.Domain)) { using (var user = UserPrincipal.Current) { try { user.ChangePassword(txt_old.Text, txt_new.Text); user.Save(); } catch(Exception p) { if (p.HResult.Equals("0x800708C5"))//Not secure enough according to password policy { MessageBox.Show("Volgens het systeem is uw nieuwe wachtwoord niet veilig genoeg, voldoet het aan alle eisen?", "Niet gelukt", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } else if (p.HResult.Equals("0x80070056")) //Wrong current password { MessageBox.Show("U heeft een verkeerd huidig wachtwoord ingevult, probeer het nogmaals", "Verkeerd wachtwoord", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } else if (p.InnerException.ToString().Contains("0x80070775")) //Temporarly locked out. { MessageBox.Show("Uw account is tijdelijk vergrendeld door te veel pogingen tot in te loggen met een foutief wachtwoord. Probeer het over 15minuten nogmaals of neem contact op met de helpdesk.", "vergrendeld.", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } else { MessageBox.Show(System.Security.Principal.WindowsIdentity.GetCurrent().Name + Environment.NewLine + p.HResult + Environment.NewLine + p.Message); return; } } } }
解决方案The two Windows updates 3177108 and 3167679 have changed the behavior of ChangePassword.
There is a thread here about the issue: https://social.msdn.microsoft.com/Forums/vstudio/en-US/77dc733e-a13d-4349-9088-8065b85d5c3f/userprincipalchangepassword-stops-working-after-windows-updates-3177108-and-3167679?forum=netfxbcl
It seems, that you now have to specify a valid UPN when creating the PrincipalContext.
Before you could use a IP as endpoint when creating the context, now it seems it has to be a correct domain name aswell.
Furthermore, you now always receive the same exception when an error occurs - we used to receive the password policy exception for users choosing insufficient passwords, now we get:
System.DirectoryServices.AccountManagement.PrincipalOperationException: The system cannot contact a domain controller to service the authentication request. Please try again later. (Exception from HRESULT: 0x800704F1)
UPDATE 04-10-2016: The exception displayed above is really the general/generic error received for just about anything when calling ChangePassword after the updates. If for instance some of the ports involved in the protocol is blocked by a firewall, you get this one as well (applicable if you call from a server/machine that is not domain joined).
Good resource for required ports: https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx Note that the dynamic range is required as well.
If the user is not allowed to change password (domain policy, circumvent by setting MUST CHANGE AT NEXT LOGON FLAG) you also receive this exception.
这篇关于C#更改广告密码的DirectoryServices的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
