Is there a way to detect that a user must change their password on their
next login?
I tried to authenticate the user but it fails and the exception that I get
back doesn't really help. I analyzied the exception strace stack and all it
says is that the login failed.
I also tried to login as and adminstrator then did a search on the user
object, but can't seem to find any noticable information that might give me
some indication that this user must change password on their next login.
Sorry for being so new to this. Any help would be appreciated.
Thanks in advance
Ross
The issue is whether knowing this helps you or not. You can't bind with the
user's credentials when they are in that state, so knowing might not help
(unless you just want to provide more useful feedback).
Joe K.
"Ross Pellegrino" <ross_pe...@hotmail.com> wrote in message
news:ODqkc44S...@tk2msftngp13.phx.gbl...
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
This is useful. I have one question. If the user account is set to "must
change password on next login" can I bind to the object using their
credential? If not, can you tell me if my work around makes sence?
I would login to AD with some valid credentials.
Find the User object check for pwdLastSet to see if it is 0.
If set to 0 then force the user to provide old and new passwords and update
the User object with new password.
On behalf of the user, I would re-login to AD
Thanks
Ross
"Joe Kaplan (MVP - ADSI)" <joseph....@removethis.accenture.com> wrote
in message news:OaOzHuET...@tk2msftngp13.phx.gbl...
I'd like to know a good strategy to deal with this as well, but I don't know
of one with pure LDAP. Maybe someone else has an idea.
Joe K.
"Ross Pellegrino" <ross_pe...@hotmail.com> wrote in message
news:OSyiBzJT...@TK2MSFTNGP10.phx.gbl...
Joe R. (while you are pitching in on this thread), do you know of an LDAP
way to get a user to bind and change passwords if they have pwdLastSet = 0?
How does Windows deal with this?
Joe K.
"Joe Richards [MVP]" <humore...@hotmail.com> wrote in message
news:ubn8WhJT...@TK2MSFTNGP09.phx.gbl...