One a password has expired, the only way for a user to reset their own password is C-A-D from a domain workstation. And no vpn.
-- Sent from my Droid. Please excuse any tpyos and autocorrect errors. On Nov 21, 2014 4:19 PM, "Natxo Asenjo" <natxo.ase...@gmail.com> wrote: > hi, > > using code like in the FAQ it is really simple to change the password > of an AD user. > > Unfortunately, once the account is already expired I get this error: > > 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext > error, data 773, v1db1 > > And according to http://www-01.ibm.com/support/docview.wss?uid=swg21290631 > , > > 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext > error, data 773, v893 > HEX: 0x773 - user must reset password > DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user's password must be > changed before logging on the first time.) > LDAP[pwdLastSet: <value of 0 indicates admin-required password > change>] - MUST_CHANGE_PASSWD > NOTE: Returns only when presented with valid username and > password/credential > > I am actually binding as the user self (this will be a self-service > site for our users to reset their passwords). Is it possible to change > one's password once the account has expired or do I have to bind as a > service account and reset the user password like that? I prefer not > having to hardcode credentials in the application, but if there is no > other way .. > > Thanks! > > -- > Groeten, > natxo >
