Q. How can I create a Web page where users can change their passwords?

I think this is very imformative and now I can use this for my project at school. I have to create a web site and I will be able to let people change their passwords on my site. Thanx

Farron Jasso April 26, 2004

Your Script is not working....I wonder why?? this is what i am getting
The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

Open the cserver home page, and then look for links to the information you want.
HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Error Type:
(0x80072030)
/changepass.asp, line 20

Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; DigExt; Hotbar 4.4.2.0)

Page:
POST 41 bytes to /changepass.asp

POST Data:
cn=affan&newpass=affan1&passverify=affan1

Time:
Wednesday, April 28, 2004, 10:51:54 AM

More information:
Microsoft Support

Affan April 28, 2004

usr.put "userPassword", strNewPassword
should be changed to:
usr.ChangePasssword oldpassword, newpassword
So that AD will change (and encrypt) the user's password

You may want to check out the MSDN library's article on the IADsUser::ChangePassword function because the usr object is an IADSUser object.
http://msdn.microsoft.com/library/en-us/adsi/adsi/iadsuser_changepassword.asp

Erik Pitti April 30, 2004

We thought about following this type of development in house for providing password changes, but found that we really needed to address the bigger issue - password resets and lockouts. Changing passwords were secondary to our problem. We spec'd out what our needs were by working with our help desk / IT team and decided we should look at commercial products to see what they offered before we set out to build this. We found a very cool product called Password Station by Avatier. Not only did this solve a security issue that we feared could put us in, but it installed in 30 minutes, had a great interface, built completely with .NET and supported AD along with some other platforms that we needed to connect and sync to. One of the other things that we liked was that if the end-user cannot get to a browser, they can make a call and get their password reset via the phone with Password Station. I say that if you don't have time to build this or want something that will solve your problems in a DAY - then get this. They gave us a free cost analysis that showed the payback in less than 2 months. We wanted to have something secure - and if NASA uses this then we figured it was beyond secure!

David Lee May 05, 2004

This is great however, i would like to change the passwords for a user that can be within any OU. is there anyway of getting the users OU from the username entered on the web page?

briantrebs October 11, 2004 (Article Rating:

)

Or better still a dropdown list of users in the domain?

briantrebs October 11, 2004 (Article Rating:

)

IT DOES NOT WORK!! PLEASE TELL ME WHAT TO DO TO MAKE IT WORK

Anonymous User July 19, 2005 (Article Rating:

)

I get an error at the set usr = ... line - is this down to permissions?

squarefish January 03, 2006 (Article Rating:

)

I copy a asp code that works bwlow. However, I'm seeking for a code that user need to type there old password for verify the user. Hope anyone could tell what was wrong here?!
Thanks.

<%
strUserCN = request.form("cn")
strOpassword = request.form("oldpass")
strNewPassword = request.form("newpass")
strPassVerify = request.form("passverify")

if strUserCN="" then
response.write "<html><head><title>Change Password</title></head><body>"
response.write "<center><h1>Web Password Reset</h1></center>"
response.write "<hr><br><br><form method=post action=changepass.asp><table>"
response.write "<tr><td>CN: </td><td><input type=text name=cn></td><tr>"
response.write "<tr><td>Old Password: </td><td><input type=password name=oldpass></td></tr>"
response.write "<tr><td>New Password: </td><td><input type=password name=newpass></td></tr>"
response.write "<tr><td>Verify Password: </td><td><input type=password name=passverify></td></tr>"
response.write "<tr><td colspan=2 align=center><input type=submit value='Reset Password'></td></tr>"
response.write "</table></body></html>"
response.end
else

set usr = GetObject("LDAP://CN=" & strUserCN & ",CN=Users,DC=savilltech,DC=com")

if strNewPassword = strPassVerify then
if usr.userPassword <> strOpassword then
usr.put "userPassword", strNewPassword

response.write "<html><head><title>Results</title></head><center><h1>Update Results</h1></center><hr><br><br>"
response.write strUserCN & ": password was successfully updated"
response.end

else

response.write "<html><head><title>Error!</title></head><body>"
response.write "<center><h1>An Error Has Occurred!</h1></center>"
response.write "<hr><br><br>"
response.write "The password and confirmation do not match. Please go back and try again."
response.end

end if
end if
end if
%>

if strNewPassword = strPassVerify then
if usr.userPassword <> strOpassword then
usr.put "userPassword", strNewPassword

rm.fish May 31, 2006 (Article Rating:

)