Errors in Check and Change Password in SPP 6.11

Hi Safeguard Experts,

We hit an issue when trying to "Check Password" and "Change Password" for accounts that are discovered in an Active Directory asset. We would highly appreciate it if someone could shed some light on this for us. Thank you.

Here are the details from the Task window in SPP.

Check Password

Queuing task.
Starting task.
Verifying Password.
Connecting with asset NPNSP (xxx.xxx.xxx.xxx).
Connection to local address: xxx.xxx.xxx.xxx forbidden for asset: NPNSP
Unable to check password on asset NPNSP due to an error.
Saving task results.
Task completed with failure. 

Change Password

Queuing task.
Starting task.
Connecting with asset NPNSP (xxx.xxx.xxx.xxx).
Connection to local address: xxx.xxx.xxx.xxx forbidden for asset: NPNSP
Unable to change password for account <account_name> due to an error.
Saving task results.
Task completed with failure.

Operation tab:

Friday, 22 October 2021 4:53:43 PM Information Platform framework version 6.11.0.1444
Friday, 22 October 2021 4:53:43 PM Information Initializing ChangePassword platform task 62be0ff0-32fc-11ec-af67-a43580b84a68
Friday, 22 October 2021 4:53:43 PM Debug ############### Operation Parameters ################
Friday, 22 October 2021 4:53:43 PM Debug AssetName NPNSP
Friday, 22 October 2021 4:53:43 PM Debug Address 172.22.34.17
Friday, 22 October 2021 4:53:43 PM Debug FuncUserName svc_Safeguard_NPNSP
Friday, 22 October 2021 4:53:43 PM Debug FuncUserNetBiosName NPNSP
Friday, 22 October 2021 4:53:43 PM Debug FuncUserDomain <domain_name>
Friday, 22 October 2021 4:53:43 PM Debug NonPrivFunc False
Friday, 22 October 2021 4:53:43 PM Debug FuncPassword **secret**
Friday, 22 October 2021 4:53:43 PM Debug UseSsl True
Friday, 22 October 2021 4:53:43 PM Debug AccountUserName <account_name>
Friday, 22 October 2021 4:53:43 PM Debug NetBiosName NPNSP
Friday, 22 October 2021 4:53:43 PM Debug DomainName <domain_name>
Friday, 22 October 2021 4:53:43 PM Debug AccountPassword **secret**
Friday, 22 October 2021 4:53:43 PM Debug NewPassword **secret**
Friday, 22 October 2021 4:53:43 PM Debug ChangePassword
Friday, 22 October 2021 4:53:43 PM Debug Using 'svc_Safeguard_NPNSP@<domain_name>' from user= svc_Safeguard_NPNSP, domain=<domain_name>, netBios= NPNSP.
Friday, 22 October 2021 4:53:43 PM Debug Using PrincipalContext to validate credentials for xxx.xxx.xxx.xxx

-------------------------------------------------------------------

Then, we tried to run a .NET program to connect to the AD with the same service account, and we could reset the user password successfully. Note that the service account has reset password permission, but not unlock account permission.

Here is the simple program that I used and it is working:

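using System;
using System.DirectoryServices;

// Bind to the directory over LDAPS with the service account credentials.
using (DirectoryEntry de = new DirectoryEntry(ldapString, adminUser, adminPass, AuthenticationTypes.SecureSocketsLayer))
using (DirectorySearcher deSearch = new DirectorySearcher(de))
{
    // username is concatenated into the filter unescaped: acceptable for a fixed test value only.
    deSearch.Filter = "(&(objectClass=user)(cn=" + username + "))";
    deSearch.SearchScope = SearchScope.Subtree;
    SearchResult dres = deSearch.FindOne();
    if (dres == null) throw new InvalidOperationException("User not found: " + username);
    using (DirectoryEntry directoryEntry = dres.GetDirectoryEntry())
    {
        // Administrative reset: SetPassword does not require the current password.
        directoryEntry.Invoke("SetPassword", new object[] { "some very complicated password" });
    }
}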

-------------------------------------------------------------------

Any suggestions and comments are welcome, thank you.

Ronald

  • Hi Ronald,

    - Does Check Connection on the AD Asset work successfully?

    I see that Use SSL is enabled:

    - Please try to right-click on the AD Asset and run a "Check Connection". If this is failing, can you verify whether you had specified an IP address for a domain controller under the AD Asset > Management tab > Advanced > Specify a Domain Controller? If so, you could test with the hostname instead.

    - Otherwise, you can also test with Use SSL disabled to see if this is related.

    Thanks!