ChangePassword Method

Changes the password on a connector space object to a new password. This method requires that you enable password synchronization for the management agent. To use this method, the value that is used for the OldPassword parameter must match the stored password.

string ChangePassword(
  [in] string OldPassword,
  [in] string NewPassword
);

Parameters

| In | Language | Name | Data Type | Description |
|---|---|---|---|---|
| 1 | | OldPassword | string | Contains the old password. This value must match the stored password. |
| 1 | | NewPassword | string | Contains the new password. |

Name : ChangePassword

Return Value

string

Returns a string that contains the results of the method. The return value can be one of the following values or one of the values listed in WMI Provider Return Strings.

| Name | Description |
|---|---|
| success | The call was successful and the password was changed to the NewPassword parameter. |
| bad-password | The specified OldPassword parameter does not match the password for the account. Verify that you are using the correct password for this parameter. |
| ma-credentials-failure | The management agent was unable to log on to the connected directory using the stored credentials. Verify that the management agent credentials are correct. For more information, see “Connect to an Active Directory Forest” in the Microsoft Forefront Identity Manager 2010 (FIM) Help. |
| ma-encryption-not-enabled | The management agent did not set the password because 128-bit encryption is not configured on the connection that is used by the management agent to communicate with the connected directory. Enable this encryption on your network. |
| ma-feature-not-supported | The management agent does not support password changes. |
| ma-object-type-not-supported | The management agent does not support password changes on this object type. |
| new-password-violate-policy | The specified NewPassword parameter does not comply with the password policy that was set by the administrator. Verify that the NewPassword parameter complies with the password policy that was set by the administrator. |
| new-password-ill-formed | The specified NewPassword parameter cannot be used as a password because the parameter contains characters that cannot be entered from a keyboard. Verify that the NewPassword parameter contains only characters that can be entered from a keyboard. |
| object-newly-provisioned | The object was provisioned as a new object, but the object was not created in the connected directory. You cannot perform password operations until the object is exported to the connected directory. |
| object-not-found | The object was deleted from the server. |
| password-sync-disabled | The password synchronization setting for the specified management agent is not enabled. Enable password synchronization for the specified management agent. |
| partition-not-configured | The specified object is in a partition that has not yet been configured. Configure the partition with the Synchronization Service Manager. For more information, see “Configure directory partitions” in the FIM Help. |
| server-down | The FIM Synchronization Service server could not connect to the server that contains the partition for the object. Verify that the server that contains the partition is running and is connected to the network. |
| time-difference-at-dc | The new password cannot be set because the time that is indicated on the Microsoft Identity Integration server is more than five minutes from the time that is indicated on the Active Directory Domain Services (AD DS) server. By default, the time difference between servers must be less than or equal to five minutes. Synchronize the times between the servers. |

Remarks

This method works only with the following management agents:

  • Management agent for Active Directory Domain Services

  • Management agent for Active Directory Application Mode (ADAM)

  • Management agent for AD DS global address list (GAL)

  • Management agent for Windows NT 4.0

  • Novell eDirectory

  • IBM DS

When you call this method, an entry is written to the event log. The entry contains information about the user who made the request, the target of the request, and the status of the request.

Example

The following example shows how you can use Microsoft Visual Basic Script (VBScript) to change the password of all objects with a specified domain and User Principal Name.

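Option Explicit

On Error Resume Next

Dim Service
Dim CsObjects
Dim CsObject

' Connect to the FIM Synchronization Service WMI namespace.
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
If Err.Number <> 0 Then
  ErrorHandler "Unable to connect to the WMI namespace: " & Err.Description
End If

' Select the connector space objects that match the domain and user principal name.
Set CsObjects = Service.ExecQuery("Select * from MIIS_CSObject where domain='main' and userPrincipalName='Jeff'")
If Err.Number <> 0 Then
  ErrorHandler "The query failed: " & Err.Description
End If

' "OldPassword" and "NewPassword" are placeholders for the actual passwords.
For Each CsObject In CsObjects
   WScript.Echo "ChangePassword returns " & CsObject.ChangePassword("OldPassword", "NewPassword")
Next

' Reports the error and ends the script with a nonzero exit code.
Sub ErrorHandler (ErrorMessage)
  WScript.Echo ErrorMessage
  WScript.Quit(1)
End Sub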
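
The same call from Windows PowerShell, as an added example that is not part of the original page or the product's own sample code: it prompts for the passwords instead of embedding them in the script, escapes the query values, and sorts the documented return strings by who has to act. The helper names, the grouping of return strings, and the use of the MIIS_CSObject Guid property for labelling output are assumptions of this example.

```powershell
# Added example (not from the original page). Requires Windows PowerShell (Get-WmiObject).
param([string]$Domain = 'main', [string]$Upn = 'Jeff')   # defaults are the page's sample values

# Documented return strings, grouped by who has to act (the grouping is this example's choice).
$callerFix = 'bad-password', 'new-password-violate-policy', 'new-password-ill-formed'
$adminFix  = 'ma-credentials-failure', 'ma-encryption-not-enabled', 'ma-feature-not-supported',
             'ma-object-type-not-supported', 'object-newly-provisioned', 'object-not-found',
             'password-sync-disabled', 'partition-not-configured', 'server-down',
             'time-difference-at-dc'

# Hypothetical helper: the method takes plain strings, so decrypt only at the call site
# and zero the unmanaged copy immediately afterwards.
function ConvertTo-PlainText([securestring]$Secure) {
    $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) }
}

# Hypothetical helper: escape backslashes and single quotes so input cannot alter the WQL query.
function Protect-Wql([string]$Value) { $Value.Replace('\', '\\').Replace("'", "\'") }

$old = Read-Host -Prompt 'Old password' -AsSecureString
$new = Read-Host -Prompt 'New password' -AsSecureString

$d = Protect-Wql $Domain
$u = Protect-Wql $Upn
$query = "SELECT * FROM MIIS_CSObject WHERE domain='$d' AND userPrincipalName='$u'"
$csObjects = @(Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' -Query $query -ErrorAction Stop)
if ($csObjects.Count -eq 0) { Write-Error 'No matching connector space object.'; exit 1 }

$failed = $false
foreach ($cs in $csObjects) {
    # The WMI method result is returned in the ReturnValue property; passwords are never echoed.
    $status = $cs.ChangePassword((ConvertTo-PlainText $old), (ConvertTo-PlainText $new)).ReturnValue
    if ($status -eq 'success') { Write-Output "$($cs.Guid): success"; continue }
    $failed = $true
    if     ($callerFix -contains $status) { Write-Warning "$($cs.Guid): $status (caller must correct the input)" }
    elseif ($adminFix  -contains $status) { Write-Warning "$($cs.Guid): $status (administrator action required)" }
    else   { Write-Warning "$($cs.Guid): $status (see WMI Provider Return Strings)" }
}
if ($failed) { exit 1 }
```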

Requirements

Product: Forefront Identity Manager Synchronization Service 2010

MOF: Mmswmi.mof

See Also

Reference

MIIS_CSObject Class
WMI Provider Return Strings

Concepts

WMI Provider Reference
Methods