RE: Web based utility for securely changing AD password

["Bates, Chris" <Chris.Bates () nwdc net>]

Depending on you needs, you can write up a quick one in ASP.NET or
VBScript.
Shouldn't be much more then 20 to 30 lines of code.


----------------------------------------------------------------------
Chris Bates (CISSP)
Infrastructure Management Consultant
ACS Inc. (Enterprise Services; NWDC)
Chris.Bates () nwdc net
D: 503.466.6926
C: 503.789.6064

-----Original Message-----
From: net shark [mailto:netshark () sexmagnet com] 
Sent: Wednesday, November 23, 2005 1:28 AM
To: webappsec () securityfocus com
Subject: RE: Web based utility for securely changing AD password

AFAIK, the correct (M$ way) to do it, is through the AD services
interface (ADSI).
I saw a simple example in the technet, sometime ago.
When making the correct calls to the ADSI, you can efectivelly change
the user's password, as long as the script is executed in the
Enterprise/domain admin security context.
However AFAIK,you cannot read the password (not even it's hash). ADSI
has specific procedures for user authentication in AD.

Alex

> -----Original Message-----
> From: Saqib Ali [mailto:docbook.xml () gmail com]
> Sent: 22 November 2005 18:32
> To: webappsec () securityfocus com
> Subject: Fwd: Web based utility for securely changing AD password
>
> Hello All,
>
> This may be a little bit off-topic...  ;-)
>
> Is anyone aware of a good web based utility that will allow users from

> several domains to change their Active Directory password securely?
>
> I tried IISADMPWD from http://support.microsoft.com/?id=555071 , but 
> it is very flaky and does not work most of the time.
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
> Consensus is good, but informed dictatorship is better.
>
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
> Consensus is good, but informed dictatorship is better.