I've followed what I believe to be the right steps from this article (only in PowerShell). I can't, however, get it to work. I've tried both controls and verified through ADSI Edit and LDP that I have both controls that I need. I'm sure I'm missing something quite simple here but would appreciate some help.
supportedControl (35): 1.2.840.113556.1.4.2239 = ( POLICY_HINTS ); 1.2.840.113556.1.4.2066 = ( POLICY_HINTS_DEPRECATED );
When I set isCritical ("1.2.840.113556.1.4.2239", $byte, $true, $true) to true I get a failure of ...
```
Exception: System.Management.Automation.MethodInvocationException: Exception calling "SendRequest" with "1" argument(s): "The server does not support the control. The control is critical." ---> System.DirectoryServices.Protocols.DirectoryOperationException: The server does not support the control. The control is critical.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at CallSite.Target(Closure , CallSite , Object , Object )
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.ConvertToMethodInvocationException(Exception exception, Type typeToThrow, String methodName, Int32 numArgs, MemberInfo memberInfo)
   at CallSite.Target(Closure , CallSite , Object , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1)
   at System.Management.Automation.Interpreter.DynamicInstruction`3.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
```
When I don't set isCritical ("1.2.840.113556.1.4.2239", $byte, $false, $true) I get Success returned, but the password hasn't been changed.
```
RequestId    :
MatchedDN    :
Controls     : {}
ResultCode   : Success
ErrorMessage :
Referral     : {}
```
This is what I'm doing:
```powershell
[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols") | Out-Null
[System.Reflection.Assembly]::LoadWithPartialName("System.Net") | Out-Null

$SDPServer = $srv
$SDPPort = 636
$SDPConnection = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList "$($SDPServer):$($SDPPort)"

#Set session options
$SDPConnection.SessionOptions.SecureSocketLayer = $true;
$SDPConnection.SessionOptions.VerifyServerCertificate = { return $true;} #needed for self-signed certificates
$SDPConnection.SessionOptions.ProtocolVersion = 3;
$SDPConnection.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
#$SDPConnection.AuthType = [System.DirectoryServices.Protocols.AuthType]::Ntlm
$netcred = new-object "System.Net.NetworkCredential" -ArgumentList $adsvc, $adpwd, $domain
$SDPConnection.Bind($netcred)

# The POLICY_HINTS control value is a BER-encoded SEQUENCE { INTEGER 1 },
# i.e. the bytes 30 03 02 01 01, not a single raw 0x01 byte. A malformed
# value is what the DC reports as "does not support the control" when the
# control is marked critical.
[byte[]]$byte = 0x30, 0x03, 0x02, 0x01, 0x01
#$control = new-object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "1.2.840.113556.1.4.2066", $byte, $true, $true
$control = new-object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "1.2.840.113556.1.4.2239", $byte, $true, $true
$request = new-object "System.DirectoryServices.Protocols.ModifyRequest" -ArgumentList $userDN
$request.Controls.Add($control) | Out-Null
$modification = New-Object "System.DirectoryServices.Protocols.DirectoryAttributeModification"
# Note: AD only treats a write to userPassword as a password set when the
# fUserPwdSupport dSHeuristics flag is enabled; otherwise the modify succeeds
# but only stores an ordinary attribute. unicodePwd (UTF-16LE, double-quoted
# value) is always treated as the password.
$modification.Name = "userPassword"
$modification.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
$modification.Add($usrpwd) | Out-Null
$request.Modifications.Add($modification) | Out-Null
$result = $SDPConnection.SendRequest($request);
$result
```
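The same operation written out as an added example (this is not the poster's code or anything from the article they reference). It builds the POLICY_HINTS control value with a general BER encoder for the flags INTEGER, checks rootDSE for the control OID before marking it critical, and sets the password through unicodePwd so the DC treats the write as a password operation regardless of the dSHeuristics setting. The function names, the `$Server`, `$Credential`, `$UserDN` and `$NewPassword` parameters, and the use of LDAPS on 636 are assumptions for the example.

```powershell
# Added example, not from the original post. Assumptions (placeholders):
# $Server, $Credential (System.Net.NetworkCredential), $UserDN, $NewPassword
# are supplied by the caller; the DC is reachable over LDAPS on 636.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$PolicyHintsOid = '1.2.840.113556.1.4.2239'   # LDAP_SERVER_POLICY_HINTS_OID

function New-PolicyHintsControl {
    param([uint32]$Flags = 1, [bool]$Critical = $true)
    # The control value is BER: SEQUENCE { INTEGER flags }. Encode the INTEGER
    # minimally: big-endian, leading zero octets dropped, and one 0x00 pad
    # octet when the top bit is set so the value is read as non-negative.
    $be = [System.BitConverter]::GetBytes($Flags)
    if ([System.BitConverter]::IsLittleEndian) { [array]::Reverse($be) }
    $body = New-Object System.Collections.Generic.List[byte]
    foreach ($b in $be) { if ($body.Count -gt 0 -or $b -ne 0) { $body.Add($b) } }
    if ($body.Count -eq 0) { $body.Add(0) }
    if (($body[0] -band 0x80) -ne 0) { $body.Insert(0, 0) }
    $value = New-Object System.Collections.Generic.List[byte]
    $value.Add(0x30); $value.Add([byte]($body.Count + 2))   # SEQUENCE tag, length
    $value.Add(0x02); $value.Add([byte]$body.Count)         # INTEGER tag, length
    $value.AddRange($body)
    # Flags = 1 produces 30 03 02 01 01.
    New-Object -TypeName System.DirectoryServices.Protocols.DirectoryControl `
        -ArgumentList $PolicyHintsOid, $value.ToArray(), $Critical, $true
}

function Set-AdPasswordWithPolicyHints {
    param([string]$Server, [System.Net.NetworkCredential]$Credential,
          [string]$UserDN, [string]$NewPassword)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList "$($Server):636"
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Bind($Credential)

    # Confirm the DC advertises the control before sending it as critical;
    # a DC that does not list the OID rejects the whole modify.
    $rootDse = New-Object System.DirectoryServices.Protocols.SearchRequest `
        -ArgumentList '', '(objectClass=*)', 'Base', 'supportedControl'
    $supported = $conn.SendRequest($rootDse).Entries[0].Attributes['supportedControl'].GetValues([string])
    if ($supported -notcontains $PolicyHintsOid) { throw "DC does not advertise POLICY_HINTS" }

    # unicodePwd takes the new password as UTF-16LE, wrapped in double quotes.
    $pwdBytes = [System.Text.Encoding]::Unicode.GetBytes('"' + $NewPassword + '"')
    $mod = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $mod.Name = 'unicodePwd'
    $mod.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
    $mod.Add($pwdBytes) | Out-Null

    $req = New-Object System.DirectoryServices.Protocols.ModifyRequest -ArgumentList $UserDN
    $req.Modifications.Add($mod) | Out-Null
    $req.Controls.Add((New-PolicyHintsControl -Flags 1 -Critical $true)) | Out-Null
    $resp = $conn.SendRequest($req)
    # With POLICY_HINTS the DC applies password history and minimum-age checks
    # to this reset, so a policy violation comes back as a non-Success
    # ResultCode rather than being silently accepted.
    if ($resp.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
        throw "Password set failed: $($resp.ResultCode) $($resp.ErrorMessage)"
    }
    $resp.ResultCode
}

# Usage (placeholders): Set-AdPasswordWithPolicyHints -Server $Server -Credential $Credential -UserDN $UserDN -NewPassword $NewPassword
```

The rootDSE check is the same test the poster did by hand in ADSI Edit and LDP, done in code so a missing control fails early with a clear message instead of the generic "server does not support the control" error. Keeping the control critical is deliberate: a non-critical control that the DC cannot parse is simply ignored, which is why the second attempt in the post returns Success without the policy being applied.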