Home/ Questions/Q 7548515
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T09:43:05+00:00

I’m trying to figure out how to set the User cannot change password attribute

  • 0

I’m trying to figure out how to set the “User cannot change password” attribute of AD using VB.NET.

I was originally hoping to use the UserAccountControl Flags found here http://support.microsoft.com/kb/305144 but I realized you cannot set the PASSWD_CANT_CHANGE flag like one would expect. This lead me to this posting Preventing an Active Directory user from changing his/her password using DirectoryServices but I cannot get the saving working.

Here’s the code I have right now. 

        Dim domainContext As PrincipalContext = New PrincipalContext(ContextType.Domain)
        Dim user As UserPrincipal = UserPrincipal.FindByIdentity(domainContext, "user5")
        user.UserCannotChangePassword = True
        user.Save(domainContext)

Every time I try to do a save on this I get an InvalidOperationException. The documentation for this isn’t too helpful either: http://msdn.microsoft.com/en-us/library/bb335863.aspx

What’s strange to me is that if I set a different attribute of that UserPrincipal object, like the SamAccountName, saving works fine, but once I introduce that UserCannotChangePassword attribute, saving fails.

I’ve verified that the user I am using to perform this action has proper privileges, but I’m not to sure where to go from here… Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Found an old school way to do this, thanks for pointing me in the right direction @juergen d. Guess I’ll have to settle. 

            Dim objThisUser As IADs
        Dim intUserFlags As Integer

        ' Bind to the user object with the current credentials.
        objThisUser = GetObject("WinNT://" + gstrDomain + "/" + "user5")

        intUserFlags = objThisUser.Get("userFlags")

        'can't change
        intUserFlags = intUserFlags Or ADS_UF_PASSWD_CANT_CHANGE

        ' Modify the userFlags property.
        objThisUser.Put("userFlags", intUserFlags)

        ' Commit the changes
        objThisUser.SetInfo()

    I was close the whole time to having a perfect solution, but just couldn’t get the saving to work. This works fine I guess. Using this just means a few more lines of code, and a bit less adaptability.

    • 0