What is the equivalent of Invoke("SetOption") in System.DirectoryServices.Protocols?

77 Views Asked by Victorio Berra At 06 December 2022 at 00:02

I have a legacy .NET library doing the following:

const int adsOptionPasswordMethod = 7;
const int adsPasswordEncodeClear = 0;
user.Invoke ("SetOption", new object[] { adsOptionPasswordMethod, adsPasswordEncodeClear });

I am using System.DirectoryServices.Protocols in .NET 7 now, and I want to do something like this:

const int adsOptionPasswordMethod = 7;
const int adsPasswordEncodeClear = 0;
var setOptionsAccountControl = new DirectoryAttributeModification
{
    Operation = DirectoryAttributeOperation.Replace,
    Name = "SetOption",
};
modifyUserAccountControl.Add(adsOptionPasswordMethod);
modifyUserAccountControl.Add(adsPasswordEncodeClear);

But the above seems wrong.

Original Q&A

There are 1 best solutions below

Gabriel Luci On 06 December 2022 at 18:05 BEST ANSWER

According to the documentation, the value of ADS_PASSWORD_ENCODE_CLEAR is 1, but the old code is using 0, which is the value for ADS_PASSWORD_ENCODE_REQUIRE_SSL, which requires the use of SSL.

So if the old code was working, then it must have already been connecting via SSL (port 636).

The documentation for the unicodePwd attribute (the real attribute for the password, although userPassword can work too) says that:

servers require that the client have a 128-bit (or better) SSL/TLS-encrypted connection to the DC in order to modify this attribute.

If it's already using SSL, then that's all that's needed to be able to set the password. Setting those options isn't necessary.

What is the equivalent of Invoke("SetOption") in System.DirectoryServices.Protocols?

There are 1 best solutions below

Related Questions in C#

Related Questions in .NET

Related Questions in LDAP

Related Questions in DIRECTORYSERVICES

Trending Questions

Popular # Hahtags

Popular Questions