w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Poll for only password change in Active Directory
As far as I know, by default the password (stored in an encrypted way) cant't be read in Active-Directory. You can change the policy to store it in a reversible way, but it's really not a good thing. The only way I know, is to install a componant on each client machine. The component catch the password change and you can do what you want. From NT to XP this component was called GINA (DLL). Begining Vista this companent should be written using Credential Provider API.

Categories : C#

ASP.NET: Disallow certain Active Directory users
I'd put the restricted department users into an AD Group, then you could put it in your web.config under authorizations denying that specific group privileges. See below for example (DepartmentIDs would be your AD group): <?xml version="1.0"?> <configuration> <system.web> <compilation debug="true" /> <authentication mode="Windows" /> <authorization> <allow roles="DomainNameAuthorizedUsers" /> <deny users="DomainNamesDepartmentIDs" /> </authorization> </system.web> </configuration> Users you can also specify as <deny users="comma-separated list of users"> Or you can deny roles. There are quite a few options here. You can also do permissions in IIS

Categories : Asp Net

Insert users into Active Directory
Here's a general idea of the algorithm: Load user data from SQL Server Convert it into an LDIF (LDAP Data Interchange Format) file Import the LDIF file into Active Directory using the LDIFDE command-line tool Python, or any other programming language, can help you with step 2. Notice that the details of the conversion are very specific to how your data is represented. You'll have to carefully map each data base field into an LDAP attribute, and determine the classes to be used in the LDAP objects. Will the above modify existing users? yes, of course. You could write the LDIF in such a way that it updates the existing data, or if that's a problem you could verify first if an user exists in the Active Directory and don't add those changes to the LDIF file. Alternatively You could use

Categories : Python

Modifying Users in Active Directory
Something like this should work: Const ADS_PROPERTY_APPEND = 3 dn = "cn=YoungRob,ou=R&D,dc=NA,dc=fabrikam,dc=com" isMember = False 'check regular group memberships For Each m In objGroup.GetEx("member") If LCase(m) = LCase(dn) Then isMember = True Exit For End If Next 'check primary group primaryGroupID = GetObject(dn).Get("primaryGroupID") objGroup.GetInfoEx Array("primaryGroupToken"), 0 If primaryGroupID = objGroup.Get("primaryGroupToken") Then isMember = True If Not isMember Then objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(dn)

Categories : Vbscript

Comparing a hashed password with Active Directory
I don't know a way to do it with LDAP, but it can be done with Kerberos. A good starting point is Kerberos Authentication Technical Reference on technet. You may also want to check Logon and Authentication Technologies, which is the parent article and list a bunch of ways to authenticate against AD, with which I am not familiar.

Categories : Dotnet

Regular expression for Active Directory Password
Regular expressions are a great tool, but don't solve everything. E.g., a regular expression can't count in the sense that you require. Yes, a regular expression can count e.g. consecutive letters, but it can't check that you e.g. have two of these and three of the others, spread over the complete input string. This also goes for your specific question. Specifically, checking these two different conditions in the same regular expression may become very difficult. In this case, I would advise not to use regular expressions and just write a small algorithm that performs all checks. Another advantage you get with this approach, is that mere mortals will be able to understand you algorithm when they revisit it later on. Always an added benefit.

Categories : C#

Returning all the Users from the current Active Directory
You must have link for this action like follow: /CurrentController/Details?id=1 So, for example you can write ActionLink as follow: <a href="@Url.Action("Details", "ControllerName", new { id = 1})" role="button" data- toggle="modal">

Categories : Asp Net

How can I retrieve list of Active Directory users
You can use a PrincipalSearcher and a "query-by-example" principal to do your searching: // create your domain context using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain)) { // define a "query-by-example" principal - here, we search for a UserPrincipal // and with the first name (GivenName) of "Bruce" UserPrincipal qbeUser = new UserPrincipal(ctx); qbeUser.GivenName = "Bruce"; // create your principal searcher passing in the QBE principal PrincipalSearcher srch = new PrincipalSearcher(qbeUser); // find all matches foreach(var found in srch.FindAll()) { // do whatever here - "found" is of type "Principal" - it could be user, group, computer..... } } If you haven't already - absolutely read the MSDN article Managing

Categories : Dotnet

Tomcat 6 - authentication through active directory with encrypted password
I think your only alternative is to subclass JNDIRealm and make a new attribute that will have some sort of encrypted connection password. The password can't be hashed (with, e.g. MD5 as you specify) because hashes are one-way--there's no undoing a hash--and Tomcat needs the password in its original unhashed form to authenticate against the AD installation. If you use a reversible encryption in your JNDIRealm subclass, then when Tomcat needs the password you can decrypt the password and pass it along.

Categories : Authentication

Using active directory to authenticate users on intranet site
If you are looking only for authentication and nothing else, you may get away with only a few lines of code. First, ensure you have ldap enabled in your php. Here's pure php implementation: (note that when doing it this way you should ensure that you DO HAVE a username and a password from a user - anonymous binding will almost always return true for AD) $link = ldap_connect('domain.com'); // Your domain or domain server if(! $link) { // Could not connect to server - handle error appropriately } ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // Recommended for AD // Now try to authenticate with credentials provided by user if (! ldap_bind($link, 'username@domain.com', 'SomeSecret')) { // Invalid credentials! Handle error appropriately } // Bind was successful - continue

Categories : PHP

VBS Active Directory (2003) Move users from one set of groups to another
If all you want is transfer group members from each Sync group to the correspondig Mig group, something like this should do: Set fso = CreateObject("Scripting.FileSystemObject") Set userlist = CreateObject("Scripting.Dictionary") userlist.CompareMode = vbTextCompare Set f = fso.OpenTextFile("users.txt") Do Until f.AtEndOfStream userlist.Add f.ReadLine, True Loop f.Close domain = GetObject("LDAP://rootDSE").Get("defaultNamingContext") For i = 1 To 20 n = Right("0" & i, 2) Set gSync = GetObject("LDAP://CN=Sync" & n & ",OU=Huset," & domain) Set gMig = GetObject("LDAP://CN=Mig" & n & ",OU=Huset," & domain) For Each m In gSync.Members Set user = GetObject(m.ADsPath) If userlist.Exists(user.sAMAccountName) Then gMig.Add(m.ADsPath) gS

Categories : Vbscript

Getting deleted users by lastknownparent in windows active directory using c#
Maybe I'm a little bit late but I hope this answer will help. Just replace ADEL with \0ADEL in your LDAP query. By the way, this rule applies to every attribute with dn syntax.

Categories : C#

List users in active directory domain AND subdomain
You can query the global catalog. It contains a read-only, searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The GC operates on port 3268 ( standard ldap ) and 3269 ( SSL ldap ). Simply connect to any of your domain controllers on one of the above two ports and your search will be automatically directed to the GC server. To perform any modifications, though, you will have to send such request to a domain controller for that particular domain the object belongs to.

Categories : C#

Active Directory VBScript Get Users shared mailbox list
Worked it out... delegateList = objUser.Get("publicDelegatesBL") For Each Desc In delegateList Set objMailbox = GetObject("LDAP://" & desc) WScript.Echo " " & objMailbox.DisplayName Next

Categories : Vbscript

Invocation error saving a list of users in Active Directory
If you are using impersonation, you need to be sure that the impersonated user has sufficient permissions to modify/create objects in active directory. This will almost never be the case if the impersonated user is not a domain admin or does not have custom permissions set. I would suggest you ditch impersonation and either run the application pool as a domain account that has limited permissions in active directory (think least-privilege here, give it only the permissions it needs to do its job), or create an impersonation context in code manually with a domain account that has the same restrictions as the proposed application pool account. There are a couple of links in this SO answer that may help you out with impersonating another user in code.

Categories : C#

Use Windows Azure Active Directory to register new users for MVC 4 website
I don't believe it is the user that has to be registered first. It is the application that holds the permissions to read/write to WAAD. If the application is registered in WAAD, and contains the necessary write permissions, then the app and query WAAD and add new users to the directory.

Categories : Asp Net Mvc

For a Ruby CLI, what is the most reliable way to change directory to users root/home directory?
To summarize Avdi Grimm's screencast on the same subject, If you're using a Ruby version greater than 1.9, the Dir module provides a method #home. However, this depends on the environment variable HOME set on the user's shell session. To reliably get the home dir, you should pass in the login name of the current user to the Dir.home command. Or, in code: # Works if HOME is set in the environment i.e., if "echo $HOME" returns the home directory # when that command is run on the command-line Dir.home # => /Users/<username>, Works if HOME is set # If the HOME environment variable is not set, you should explicitly pass in the username # of the currently logged-in user Dir.home(username) # => /Users/<username> # The current username can be obtained using username

Categories : Ruby

I want to add a random generated password to my newly created Active Directory User
This is written so that $sourceData can be a string like the following. If you really want to pass $sourcedata as an array of char remove the [char[]] cast from the function. $sourcedata="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-$" Function GET-Temppassword() { Param( [int]$length=10, [string[]]$sourcedata ) -join ([char[]] $sourcedata | GET-RANDOM -count $length) } get-temppassword $sourceData 20 GVTXxF13ibnBK5AQOu-P

Categories : Powershell

Active Directory: find details of users in group without mass search
You could utilize an ANR search for some of those attributes For more information, see this article - the functionality has been there since 2000: http://support.microsoft.com/kb/243299 In order to search for other attributes not in the default set, you'd need to tweak the schema (which may not be suitable in your situation).

Categories : C#

SQL Server Security: prevent authorized Active Directory users from reading data
See the first answer in this StackOverflow post. As the author says there isn't any total solution, you'll always have a compromise. In my opinion user impersonation is the way to go.

Categories : SQL

Devise: Change any users password as admin
Can't say I understand why, but I needed to set a password_reset_token, and then it worked. Here's what the method looks like now: def update_password @user = User.find(params[:user][:id]) @user.reset_password_token = 'temp' @user.save! if @user.reset_password!(params[:user][:password], params[:user][:password_confirmation]) Notifier.admin_password_change(@user).deliver flash[:success] = "Password Changed!" redirect_to edit_admin_user_path(@user) else render "edit" end end The token get's blown away when the reset_password! method runs. I couldn't find anything in the docs that alluded to needing a reset_password_token, but it seems to be required. I wouldn't say this code is pretty, but the solution works. If someone else comes up with something better, I'll

Categories : Ruby On Rails

Change password for all users accounts in command prompt
I'd recommend employing the help of a little VBScript: Set accounts = GetObject("WinNT://.") accounts.Filter = Array("user") For Each user In accounts WScript.Echo user.Name Next Save it as listusers.vbs and run it like this: @echo off setlocal set /p "newpw=Enter new password: " for /f "delims=" %%u in ('cscript //NoLogo C:path olistusers.vbs') do ( net user "%%u" "%newpw%" ) Edit: If you want to omit specific accounts from being processed you can either add an exclude list to the VBScript: Set exclude = CreateObject("Scripting.Dictionary") exclude.CompareMode = vbTextCompare exclude.Add "HomeGroupUser$", True exclude.Add "otheruser", True ... Set accounts = GetObject("WinNT://.") accounts.Filter = Array("user") For Each user In accounts If Not exclude.Exists(user.Name)

Categories : Batch File

Route user to users#show after devise password change
You do it like this; First up, update your routes file to use the status of Devise so authenticated users are treated differently authenticated :user do root :to => "users#show" end unauthenticated :user do devise_scope :user do get "/" => "devise/sessions#new" end end Now make sure that when user#show happens, current_user is looked up and used to combat the fact that the users#show has no :id def show if params[:id].nil? # if there is no user id in params, show current one @user = current_user else @user = User.find(params[:id]) end Its all good! Thanks

Categories : Ruby On Rails

Change users mysql password with a view to security -- Best Practices
It seems that according to dev.mysql, they recommend just securing the logs rather than sanitizing them. To guard against unwarranted exposure to log files, they should be located in a directory that restricts access to only the server and the database administrator. Replication slaves store the password for the replication master in the master.info file. Retrict this file to be accessible only to the database administrator. Database backups that include tables or log files containing passwords should be protected using a restricted access mode. It would appear that this issue was fixed more elegantly in later versions of MySQL. See: http://dev.mysql.com/doc/refman/5.7/en/password-logging.html In MySQL 5.7, statement logging avoids writing passwords in plain t

Categories : Mysql

I am using Devise, the password change is redirecting to home page, how to keep it on /users/edit?
The update action in PasswordsController calls a protected method named after_resetting_password_path_for. The method just calls after_sign_in_path_for so I think it should be safe to subclass PasswordsController and override this method. It looks like there's is already a test for whent this method is overridden so it looks like it's definitely supported.

Categories : Ruby On Rails

Change Active directory in Shell Script
Following is the problem line in your script: exit Remove it, and execute your script by either saying: source runIt.sh or . runIt.sh You might have observed that your session would have exited upon invoking the script using either of the two forms mentioned above. This is because using source or . cause the script to run in the same shell.

Categories : Bash

account expiration/password expiration in active directory
Try something like this: Import-Module ActiveDirectory function FileTime2Date($time) { return ([datetime]::FromFileTime($time)).DateTime } $today = Get-Date $userlist = Get-Content "C:path ousername.list" Get-ADUser -Filter * -Properties * | select sAMAccountName, accountExpirationDate, @{n='passwordExpiry'; e={FileTime2Date $_.'msDS-UserPasswordExpiryTimeComputed'}} | ? { $userlist -contains $_.sAMAccountName -and ( $_.accountExpirationDate -le $today -or $_.passwordExpiry -le $today ) } Untested, though, since I don't have an AD at hand right now.

Categories : Powershell

Change YourKit Remote Profiler Temp Directory
The solution is to pass tmpdir=<dir> as one the agent options. The only problem is we can't set this in CloudFoundry, as it's trimming JAVA_OPTS on the equals... Ho-hum pip and dandy.

Categories : Java

Office addin deploy to all users
I think the problem is related to 64-bit installations. When the app is installed for All users on 64-bit Windows, registry keys from User/Machine Hive are placed in HKEY_LOCAL_MACHINE/Software/Wow6432Node. When it's installed for Current user or on 32-bit Windows, the keys are correctly placed into HKEY_CURRENT_USER/Software/Microsoft/Office...

Categories : Visual Studio 2010

MS Office COM Interop and thread safety with multiple UAC Users
COM Interop for office is a STA (Single Threaded Apartment). So, while it does not support multi-threading per-say, the COM serializes all incoming commands. I think this was a problem with older office versions: Office may exhibit unstable behavior and/or deadlock when Office is run in this environment. However, I think blocking or stability issues are not present when using > 2010 office coms. "The Ole RPC protocol for marshalling to an STA involves packaging the call up and actually sending a message to a hidden window (which Ole supplies) in the server process. When the server dispatches that message, the Ole window's WndProc unwraps the message and executes the call. The message protocol enforces serialization. Incoming calls are queued up in the message queue and they are han

Categories : C#

Unable to gracefully abort on unknown password via Microsoft.Office.Interop.PowerPoint?
Translate this VBA to [whatever] and you should be good to go. Dim oPres As Presentation On Error Resume Next Set oPres = Presentations.Open("c: empopen.pptx::BOGUS_PASSWORD::") If Not Err.Number = 0 Then MsgBox "Blimey, you trapped the error!" _ & vbCrLf & Err.Number & vbCrLf & Err.Description End If More generically: Presentations.Open "filename.ext::open_password::modify_password" If you pass a passworded file a deliberately bogus password, you get a trappable error, but PPT doesn't pop a dialog box. If you pass a non-passworded file a password, it just opens. This should work with new or old-binary format files, and I'm told it works in versions as far back as 2003.

Categories : C#

How to set gecos attribute in Active Directory using directory services(C#)
I finally found the way to access the attribute. Instead of using directly the DirectoryEntry to connect to the LDAP such as : DirectoryEntry DEBase = new DirectoryEntry("LDAP://" + DomaineName); I used DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, domaineName)); DirectoryEntry dERoot = System.DirectoryServices.ActiveDirectory.Domain.GetDomain(context).GetDirectoryEntry(); Then I have no problem accessing the gecos attribute

Categories : C#

Need a VB script that put word excel powerpoint outlook and access office icons on users desktops
Check for the existence of an Office 2010 folder and create the icons according to the result of that check. Const Office2003 = "C:Program FilesMicrosoft OfficeOffice11" Const Office2010 = "C:Program FilesMicrosoft OfficeOffice14" Set fso = CreateObject("Scripting.FileSystemObject") Set objShell = WScript.CreateObject("WScript.Shell") If fso.FolderExists(Office2010) Then officePath = Office2010 Else officePath = Office2003 End If strDesktopFolder = objShell.SpecialFolders("Desktop") Set objShortCut = objShell.CreateShortcut(strDesktopFolder & _ "Microsoft Word.lnk") objShortCut.TargetPath = fso.BuildPath(officePath, "winword.exe") objShortCut.Description = "Microsoft Word" objShortCut.Save

Categories : Vbscript

How to set up local repo to have different root directory than remote "upstream" directory of an open source project?
Broadly speaking, No. Git does not allow you to have two different view of the same repository that have different directory structures. Solution 1: Ignore git altogether for uploading That said, I think you don't need this anyway. If your webhost provides public_html, why not just scp the files you want to the location you want? You could make this a task in a Makefile/Rakefile/whatever and then run it from your local machine when you want to upload, for example, a makefile task could look like: upload: scp -r ./upload/* me@myhost:/home/me/public_html/ .PHONY: upload Solution 2: link into your git directory on your webhost Instead of manually uploading your files, simply link your public_html directory to your upload directory in your git repository on your server. For example:

Categories : GIT

cakephp - change password method leaves blank the password field in database
You forgot one vital part about form processing in the controller: Check on POST. if ($this->request->is('post')) { // only then try to access $this->request->data['User'] content! } In the case thats it not a post (get), you just display the form - especially without trying to save anything. Tip: Take a look at baked code (using cake bake) and you will see how it's done properly.

Categories : Cakephp

How to verify a users password?
You can use the following method from the Membership class: Membership.ValidateUser(string username, string password) The documentation can be found here.

Categories : C#

System users password has expired
Open up cmd.exe and type in SQLPLUS Enter user-name: SYSTEM Enter password: the expired password It will now let you type in a new password for the SYSTEM user

Categories : Oracle

How to create users with default password?
that? class UserCreationForm(forms.ModelForm): class Meta: model = YourUserModel fields = ('email', 'username') def save(self, commit=True): # Save the provided password in hashed format user = super(UserCreationForm, self).save(commit=False) default_password = somefuntion() #Generate the default password user.set_password(default_password ) #Set de default password if commit: user.save() return user

Categories : Django

Log users into eXist-db using MD5 password (XQuery)
No, this is not possible: eXist-db does not work with hashes on the authentication functions, that would be a security risk since MD5 is not safe. In addition, eXist-db does not use MD5 internally for hashing the passwords, so validating a password would be difficult (matching two different hashing techniques is impossible) Unfortunately there is no way to work around this with the standard functions.

Categories : Misc

How to allow Unauthenticated users to reset password?
My answer is not specific to Membership Provider, but hopefully will point you in the right direction. Typically the way to approach this is to generate a very long random string, called a token. You send them a link that includes this token as a parameter, something like: http://foo.bar/reset?token=asldkfj209jfpkjsaofiu029j3rjs-09djf09j1pjkfjsodifu091jkjslkhfao Inside your application you keep track of tokens you have generated. If you receive a request containing that token, you authenticate it as if it was that user. A couple notes: The token generated should be random and effectively unguessable in a short period of time. The token should only work for a short period of time after being generated, ideally shorter than the time required to guess it. The token should only be usable

Categories : C#

© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.