Changing a users password from code

Posted On 2012-09-16 by dwirch
Tags: Visual Basic 6 Tutorial Tip Windows
Views: 1427

Changing an Active Directory user password is not really too difficult. You can even build the function into your own application, by leveraging some Windows API functions.

Note that this doesn't bypass the security need of knowing the users old password! This is just a away you can add "change password" functionality to your own application, while still leveraging Active Directory security.

The Function takes 4 Parameters:

  • Domain Name (ComputerName)
  • User name
  • Old password
  • New password

Simply drop this next code segment into a module, and you it should work straight away.
Option Explicit

Private Declare Function NetUserChangePassword _
Lib "Netapi32.dll" (ComputerName As Any, User As Any, _
OldPass As Any, NewPass As Any) As Long

Private Const ERROR_ACCESS_DENIED = 5&
Private Const NERR_InvalidComputer = 2351
Private Const NERR_NotPrimary = 2226
Private Const NERR_UserNotFound = 2221
Private Const NERR_PasswordTooShort = 2245

'Changes the Password for the user "User" on the
'computer "Server" from "OldPassword" to "NewPassword"

Function ChangeUserPassword(ByVal Server As String, _
ByVal User As String, ByVal OldPassword As String, _
ByVal NewPassword As String) As String

Dim r As Long, msg As String

'Create Unicode-Arrays
Dim bComputer() As Byte: bComputer = GetByteArray(Server)
Dim bUser() As Byte: bUser = GetByteArray(User)
Dim bOldPassword() As Byte: bOldPassword = GetByteArray(OldPassword)
Dim bNewPassword() As Byte: bNewPassword = GetByteArray(NewPassword)

'call API-Function
r = NetUserChangePassword(bComputer(0), bUser(0), _
bOldPassword(0), bNewPassword(0))

'check return value and represent as string
Select Case r
Case ERROR_ACCESS_DENIED: msg = "Error: Access denied."
Case ERROR_INVALID_PASSWORD: msg = "Error: Invalid password."
Case NERR_InvalidComputer: msg = "Fehler: Invalid Computer/Domainname."
Case NERR_NotPrimary: msg = "Error: This operation can only performed on the primary domain controler."
Case NERR_UserNotFound: msg = "Error: User not found."
Case NERR_PasswordTooShort: msg = "Error: Password does not match Password-Restrictions. (Password to short, to long or has already been used by this user.)"
msg = "Error: Error accessing info for domain controler. Maybe the computer is not available or access was denied."
Case 0: msg = "Operation performed successfully."
Case Else: msg = "Error: Unexpected Error " & r & " occured."
End Select

ChangeUserPassword = msg
End Function

'Converts a Unicode-String to a Unicode-Byte-Array.
'Is used because VB always passes Strings as ANSI instead of Unicode.

Private Function GetByteArray(ByVal str As String) As Byte()
Dim Buf() As Byte
Buf = str
ReDim Preserve Buf(Len(str) * 2 + 1)

GetByteArray = Buf
End Function

About the Author

dwirch has posted a total of 172 articles.


Comments On This Post

By: AnonymousCoward
Date: 2016-12-27

This doesn't work in my application. I keep getting the same error that the password is shorter than required, or too long, or doesn't meet the policy requirements. I know it meets the policy requirements and I know it's not too short or too long. No matter what I try it doesn't work. I'm using Win2008 server and I've heard other people say it won't work for them either. It did work on Win2003 server but not 2008.


By: dwirch
Date: 2016-12-27

I will see if I can figure out why it is not working on 2008 or newer.

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Beat With A Stick List Returns: By request, BWASL has returned to the site. Free your rage by telling the world about something that really grinds your gears. Add your beating.

Recent Forum Posts

BWASL returns
dwirch posted on May 13, 2017 at about 15:24 in Site News

BWASL returns
dwirch posted on May 13, 2017 at about 8:46 in Site News

Job Spammer: Balashankar Bose Bose
dwirch posted on May 11, 2017 at about 10:05 in Spammers

Job Spammer: Bharti Jigyasi
dwirch posted on May 11, 2017 at about 7:58 in Spammers

List of Shady Characters
dwirch posted on April 25, 2017 at about 16:39 in Webmaster Stuff

Job Spammer: Bilal Uddin
dwirch posted on April 25, 2017 at about 11:00 in Spammers