Active Directory访问拒绝DirectoryEntry上的异常。调用ChangePassword
[英]Active Directory access denied exception on DirectoryEntry.Invoke ChangePassword
问题描述
Following MVC web api code works without errors 
以下MVC Web API代码可正常运行
directoryEntry.Invoke("SetPassword", "desired password");
directoryEntry.CommitChanges();
But same application/service account get an error when attempting 但是相同的应用程序/服务帐户在尝试时会出错
directoryEntry.Invoke("ChangePassword", "old password", "new password");
directoryEntry.CommitChanges();
Error details: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) 错误详细信息: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Does invoking ChangePassword require different permissions that SetPassword? 调用ChangePassword是否需要与SetPassword不同的权限?
2 个解决方案
解决方案1
3 已采纳 2014-06-16 15:53:34
You might be getting the access denied error due to the "User cannot change password" setting flag being checked. 由于检查了“用户无法更改密码”设置标志,您可能会收到拒绝访问错误。 Any users for which you want to allow their password to be changed will need that setting unchecked. 您要允许其密码更改的所有用户都需要取消选中该设置。
解决方案2
1 2017-08-20 08:17:32
check your application pool identity user in IIS7 set the user which has the admin rights to change the AD password 在IIS7中检查您的应用程序池标识用户,设置具有更改AD密码的管理员权限的用户
you can find it under iis 7 >> application pools then select the application pool which your application using then right click on it and select advance setting then locate Process Model under this you will find Identity attribute here set the correct user which has admin rights 您可以在iis 7 >>应用程序池下找到它,然后选择您的应用程序所使用的应用程序池,然后右键单击它并选择高级设置,然后在其下找到Process Model,您将在此处找到Identity属性,设置具有管理员权限的正确用户
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.