Active Directory: Problem Setting User Password

I have included a possible solution below (based on an earlier solution by Joe. B. Kaplan), which does not rely upon the SetPassword method but achieves the same result - and is actually preferable - without the sleepless nights :). But in order for it to work you need to verify the following: a) That SSL is enabled on the Active Directory Server and the ASP.NET Application server that you are using. You can check out the following link to enable SSL on your AD server: http://support.microsoft.com/default.aspx?scid=kb;en-us;247078#kb2. If the app is on a different server than the AD server then you will have to export the root certificate (automatically installed on setting up) from Certificate Server on the AD and import it to the Trusted Root Certificates Store on your app server. You can do this via Tools - Internet Options - Content - Certificates. b) To test that SSL is enabled, you can run the lpd.exe Windows 2000 Support Tools from the command prompt. Then connect to your DC via port 636. If you can bind using your admin or some other credentials, then SSL is enabled. .................................................................... DirectoryEntry usr = new DirectoryEntry("LDAP://yourADServerName:636/cn=..."); usr.AuthenticationType = AuthenticationTypes.SecureSocketsLayer; string quotePwd; byte[] pwdBin; quotePwd = String.Format(@"""{0}""", password); pwdBin = System.Text.Encoding.Unicode.GetBytes(quotePwd); usr.Properties["unicodePwd"].Add(pwdBin); usr.CommitChanges(); .................................................................... You can use a variation of the above to change the user password as well. Unfortunately, the userPassword property cannot be used to achieve this result. I have found that the yourADServerName in the LDAP string sometimes does not work and should be replaced by the domain name alone i.e. replace myserver.mydomain.com with mydomain.com. Let me know if this was helpful to you. John Mencias ([email protected])