The new password for the specified user.
The method is called by the System.Web.Security.Membership class to reset the password for a user in the Active Directory data store to a new randomly generated value. The new password is returned.
The random password created by the ActiveDirectoryMembershipProvider.ResetPassword(string, string) method is not guaranteed to pass the regular expression in the ActiveDirectoryMembershipProvider.PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the ActiveDirectoryMembershipProvider.MinRequiredPasswordLength and ActiveDirectoryMembershipProvider.MinRequiredNonAlphanumericCharacters properties.
If an incorrect answer is supplied to the ActiveDirectoryMembershipProvider.ResetPassword(string, string) method, the internal counter that tracks invalid password-answer attempts is incremented by one. This can result in the user being unable to log on until the lock status is cleared by a call to the ActiveDirectoryMembershipProvider.UnlockUser(string) method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password attempts is reset to zero. For more information, see the ActiveDirectoryMembershipProvider.MaxInvalidPasswordAttempts and ActiveDirectoryMembershipProvider.PasswordAttemptWindow properties.
Leading and trailing spaces are trimmed from all parameter values.
You can call the ActiveDirectoryMembershipProvider.ResetPassword(string, string) method directly by first obtaining a reference to the System.Web.Security.ActiveDirectoryMembershipProvider instance from the Membership.Provider property.
The provider uses a subtree search starting at the search point specified in the connection string. See the System.Web.Security.ActiveDirectoryMembershipProvider class topic for more information about connection strings.
To set passwords on an Active Directory server, the connectionProtection attribute must be set to ActiveDirectoryConnectionProtection.SignAndSeal.
When using an ADAM server, the connectionProtection attribute can be set to ActiveDirectoryConnectionProtection.None, but only if you explicitly configure the ADAM server to allow password changes over unsecured connections.
You cannot reset passwords unless the credentials used to connect to the Active Directory server have either Domain Administrator rights (not recommended) or the "reset password" access right.
To reset a password, all of the following conditions must be true:
The ActiveDirectoryMembershipProvider.EnablePasswordReset property must be set to true.
The Active Directory schema must be modified to contain attributes for storing the password question and answer, and the three tracking fields for password answer changes.
The attributeMapPasswordQuestion, attributeMapPasswordAnswer, attributeMapFailedPasswordAnswerCount, attributeMapFailedPasswordAnswerTime, and attributeMapFailedPasswordAnswerLockedTime attributes must be set in the application configuration file.
The ActiveDirectoryMembershipProvider.RequiresQuestionAndAnswer property must be set to true.
The security context for connecting to the Active Directory data store (either the process account or the explicit credentials) must have sufficient privileges to change passwords: the credentials used to connect to the Active Directory server must have either Domain Administrator rights (not recommended) or the "reset password" access right.
Security policies set on the Active Directory server may make it impossible for the ActiveDirectoryMembershipProvider.ResetPassword(string, string) method to generate a password that satisfies the policies. The default implementation of the ActiveDirectoryMembershipProvider.GeneratePassword method will generate passwords that satisfy the default password policies on domain controllers running Windows Server 2003 SP1. If the password cannot be reset due to security policies on the Active Directory server, a System.Configuration.Provider.ProviderException is thrown.
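The following is an added example, not part of the original documentation or the framework's own samples. It shows one way to call ResetPassword through Membership.Provider and keep the failure cases described above apart. The AdPasswordReset class, ResetOutcome enum and TryReset method are hypothetical names; catching MembershipPasswordException for a rejected answer or a locked-out account reflects the .NET Framework provider's behaviour and is not stated on this page.

```csharp
using System;
using System.Configuration.Provider;
using System.Web.Security;

// Hypothetical helper types for illustration; not part of System.Web.Security.
public enum ResetOutcome { Success, NotEnabled, AnswerRejectedOrLocked, DirectoryRefused }

public static class AdPasswordReset
{
    public static ResetOutcome TryReset(string username, string answer, out string newPassword)
    {
        newPassword = null;

        // Membership.Provider is the default provider from the application configuration.
        var provider = Membership.Provider as ActiveDirectoryMembershipProvider;

        // Both properties must be true before a reset can succeed.
        if (provider == null || !provider.EnablePasswordReset || !provider.RequiresQuestionAndAnswer)
            return ResetOutcome.NotEnabled;

        try
        {
            // The provider trims both parameters. The generated password honours
            // MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters,
            // but is not guaranteed to match PasswordStrengthRegularExpression.
            newPassword = provider.ResetPassword(username, answer);
            return ResetOutcome.Success; // caller delivers the value; keep it out of logs
        }
        catch (MembershipPasswordException)
        {
            // Wrong answer (the failed-answer counter was incremented) or the
            // account is already locked out. Clearing the lock is a separate
            // administrative step: provider.UnlockUser(username).
            return ResetOutcome.AnswerRejectedOrLocked;
        }
        catch (ProviderException)
        {
            // For example, directory security policy rejected the generated password.
            return ResetOutcome.DirectoryRefused;
        }
    }
}
```

Returning one outcome for both a wrong answer and a locked account keeps the caller from telling the user which of the two occurred.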