Reset Password Right

[Guest]

Hi

I'm trying to apply the "reset password" right to a computer object in Active Directory..
To do this, i used the ActiveDS lib

Whatever i do, i get the 'The security ID is invalid

Here is my little code (in C#)

ActiveDs.IADs dsobject
ActiveDs.IADsSecurityDescriptor sd
ActiveDs.IADsAccessControlList dacl
ActiveDs.AccessControlEntry NewAce
long lflags
string ComputerPath

ComputerPath="LDAP://"+Domain.ToString()+"/CN="+ComputerName.ToString()+",OU=Just Created,OU=IT,OU=Bruxelles,OU=Belgium,OU=all computers,DC=domain,DC=com"

dsobject = dsobject.Get(ComputerPath)

sd = dsobject.Get("ntSecurityDescriptor")

dacl = sd.DiscretionaryAcl

NewAce.AccessMask="accessrights"
NewAce.AceType="accesstype"
NewAce.AceFlags="aceinheritflags"
NewAce.Trustee=UserName.ToString()

dacl.AddAce(NewAce)
sd.DiscretionaryAcl = dacl

dsobject.Put("ntSecurityDescriptor",sd)
dsobject.SetInfo()

I can't figure where's the problem... Is it the approach ? Do i have to use something else ?..

Thanks for reading :

Sneid

 

[Willy Denoyette [MVP]]

You need to set the "AccessMask" bit8 (0x100) and the "ObjectType" guid
value 00299570-246d-11d0-a768-00aa006e0529 in the ACE.

Willy.

 

[Denis Van Melkebeke]

Hi again,

Thanks for your response
I tried a different approach, i prefer this syntax, but it still doesn't
work... Do i forget something in the ACE ?
I suppose it's a simple problem, on of the properties not correctly
filled, but i can't see where it goes wrong...


Here is the new code :

DirectoryEntry dsobject = new
DirectoryEntry(ComputerPath.ToString(),"Username","pwd");
sd = (SecurityDescriptor)
dsobject.Properties["ntSecurityDescriptor"].Value;
dacl = (ActiveDs.AccessControlList) sd.DiscretionaryAcl;


NewAce.AccessMask = 0x100;
NewAce.Trustee=@"dom\user";
NewAce.ObjectType="{00299570-246d-11d0-a768-00aa006e0529}";

sd.DiscretionaryAcl = dacl;
dsobject.Properties["ntSecurityDescriptor"].Value = sd;
dsobject.CommitChanges();

Thanks for reading

Sneid