I'm writing a function for a web app in ASP.NET where the client logs into the server machine, which is Windows authenticated against the local users on the server. The function I am writing resets the users password and emails them the new one. I do this like so:
String userPath = "WinNT://" + Environment.MachineName + "/" + username.Text;
DirectoryEntry de = new DirectoryEntry(userPath);
de.Invoke("SetPassword", new object[] { password });
How can I also check the flag to force the user to change their password the next time they log in with the password emailed to them? I tried using pwdLastSet like so:
de.Properties["pwdLastSet"].Value = 0;
But this apparently only works with LDAP, not WinNT, and I am doing this locally.
Any experts know any better than me? I have even tried looking for a way to do this through the command line so that I can just create a Process, but I haven't been able to find a way to do it that way, either.
For WinNT, you must set the value to 1 rather than 0, and the property name is "PasswordExpired" rather than "pwdLastSet"; see http://msdn.microsoft.com/en-us/library/aa746542(VS.85).aspx
In other words, do this for WinNT:
de.Properties["PasswordExpired"].Value = 1;
(It is confusing, I know, but for LDAP you need to set the property "pwdLastSet" to 0. How's that for inconsistency!)