更改密码 Windows AD C#

Question

以下是我正在使用的代码：即使我使用的是管理员组中的帐户，我也被拒绝访问。

SafeTokenHandle safeTokenHandle;
string userName, domainName;
// Get the user token for the specified user, domain, and password using the 
// unmanaged LogonUser method. 
// The local machine name can be used for the domain name to impersonate a user on this machine.


const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token. 
const int LOGON32_LOGON_INTERACTIVE = 2;

// Call LogonUser to obtain a handle to an access token. 
bool returnValue = LogonUser(username, domain, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out safeTokenHandle);

if (false == returnValue)
{
    int ret = Marshal.GetLastWin32Error();
}
using (safeTokenHandle)
{
using (WindowsImpersonationContext impersonatedUser = WindowsIdentity.Impersonate(safeTokenHandle.DangerousGetHandle()))
{
string x = WindowsIdentity.GetCurrent().Name;
PrincipalContext pc = new PrincipalContext(ContextType.Domain);
UserPrincipal up = UserPrincipal.FindByIdentity(pc, username);
up.SetPassword(txtNewChangedPassword.Text);
}

Answer 1

这周的假冒是怎么回事？ PrincipalContext 对象有一个接受用户凭据的构造函数。您需要做的就是：

PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain, username, password);
UserPrincipal up = UserPrincipal.FindByIdentity(pc, username);
up.SetPassword(txtNewChangedPassword.Text);

Answer 2

SetPassword 要求运行您的代码的用户是 Active Directory 中的管理员。由于您已经有旧密码可用，请尝试替换此行：

up.SetPassword(txtNewChangedPassword.Text);

有了这个：

up.ChangePassword(password, txtNewChangedPassword.Text);
up.Save();

Answer 3

            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain, username, password))
            {
                //PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain, username, password);
                UserPrincipal up = new UserPrincipal(pc);
                up.SetPassword(newPassword);
            }