Hi All,
Firstly - For reasons I won’t get in to I can’t load in the AD module and use Set-ADAccountPassword cmdlet so…
I am trying to change a user account password using the following:
$User = "<MyUserName>"
$CurPass = "<CurrentPassword>"
$NewPass = "<NewPassword>"
$Filter = "(&(objectCategory=person)(objectClass=user)(samaccountname=$User))"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://<DomainController>:636", $env:USERDNSDOMAIN\$User, $CurPass)
$Searcher.Filter = $Filter
$Searcher.SearchScope = "Subtree"
$objUser = $Searcher.FindOne().GetDirectoryEntry()
$objUser.PsBase.Invoke("ChangePassword", $CurPass, $NewPass)
$objUser.CommitChanges()
The above throws a constraint violation error (even as a Domain Admin). If I use the “SetPassword” method as a domain admin this works but I get access denied as a user. I figured “ChangePassword” should work as a user but I cant get this method to work at all.
Any idea?
Thanks