This is the same issue as in this thread: Security ID Structure Invalid, Getting this error when setting the new SecurityDescriptor for AD user properties, but I am using C++ instead of .NET.
I want to set the flag “User Cannot Change Password” for an Active Directory account. I am using this code from MS but get an error:
The security ID structure is invalid.
This happens in the method SetUserCannotChangePassword() at this line:
//update the security descriptor property
hr = pads->Put(sbstrSecDesc, svar);
This error only happens when I test this from a computer that is not in the same domain as the user I want to set the AD flag for. If I run my app in the same domain as the one I modify, everything works fine.
Regarding this error code I found this article. The advice of opening the ports for LSA did not work – I deactivated the firewalls but that did not fix the problem.
And I only have that problem with setting this flag. Other flags such as “UserMustChangePassword” are no problem.
Any suggestions?
I’m not sure this solves your problem, as the issue is most likely some kind of bug in the Microsoft framework.
You mention that this bug only happens if you are executing this on a computer/user outside the domain you are currently changing, so you might try to establish a trusted connection to the Domain Server before executing your application.
This may be done in many different ways, but the easiest is to mount the IPC$ hidden share on the domain controller as a Domain Admin. Just execute this on the command prompt:
Again, it may or may not solve your problem, but it’s worth a shot 🙂
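Whether the change actually took effect can be checked separately from the ADSI call that fails: the "User Cannot Change Password" flag is stored as two object-deny ACEs on the Change Password right, one for Everyone and one for SELF, in the account's DACL. The following is an added example, not part of the thread or of Microsoft's sample; it inspects a security descriptor in SDDL string form, and the function names and the sample string are made up for illustration (obtaining the SDDL string is left to the caller).

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// rightsGuid of the User-Change-Password extended right (lower case for comparison).
static const std::string kChangePwdGuid = "ab721a53-1e2f-11d0-9819-00aa0040529b";
struct CannotChange { bool denyEveryone = false; bool denySelf = false; };
// Lower-case one ACE body and split it into type;flags;rights;object_guid;inherit_guid;trustee.
static std::vector<std::string> splitAce(std::string ace) {
    std::transform(ace.begin(), ace.end(), ace.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    std::vector<std::string> fields;
    std::string field;
    std::istringstream in(ace + ";");   // extra ';' so an empty last field is kept
    while (std::getline(in, field, ';')) fields.push_back(field);
    return fields;
}
// Rights are two-letter tokens ("RPLCRC") or a hex mask; control access is CR / 0x100.
static bool hasControlAccess(const std::string& rights) {
    if (rights.rfind("0x", 0) == 0) return (std::stoul(rights, nullptr, 16) & 0x100) != 0;
    for (std::size_t j = 0; j + 1 < rights.size(); j += 2)
        if (rights.compare(j, 2, "cr") == 0) return true;
    return false;
}
// Walk the DACL part ("D:" up to "S:") and record object-deny ACEs on Change Password.
CannotChange inspectSddl(const std::string& sddl) {
    CannotChange st;
    std::size_t i = sddl.find("D:"), start = 0;
    int depth = 0;
    for (i = (i == std::string::npos) ? sddl.size() : i + 2; i < sddl.size(); ++i) {
        if (depth == 0 && sddl.compare(i, 2, "S:") == 0) break;          // SACL begins
        if (sddl[i] == '(') { if (depth++ == 0) start = i + 1; continue; }
        if (sddl[i] != ')' || depth == 0 || --depth != 0) continue;      // not the end of an ACE
        std::vector<std::string> f = splitAce(sddl.substr(start, i - start));
        if (f.size() < 6 || f[0] != "od" || f[3] != kChangePwdGuid || !hasControlAccess(f[2])) continue;
        if (f[5] == "wd" || f[5] == "s-1-1-0") st.denyEveryone = true;   // Everyone
        if (f[5] == "ps" || f[5] == "s-1-5-10") st.denySelf = true;      // SELF
    }
    return st;
}

int main() {   // constructed SDDL string, not taken from a real directory
    CannotChange s = inspectSddl("D:AI(OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"
                                 "(OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)S:(AU;SA;WP;;;WD)");
    std::printf("deny Everyone=%d deny SELF=%d\n", s.denyEveryone, s.denySelf);
}
```

The flag counts as set only when both fields are true; a single deny ACE or the default allow (`OA`) entries mean the account can still change its password.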