The ActiveDirectoryMembershipProvider.ChangePassword(string, string, string) method is used to update the user's password in the Active Directory data store. Regardless of the credentials that the System.Web.Security.ActiveDirectoryMembershipProvider instance is configured to use, the provider connects to the Active Directory server using the username and oldPassword parameters as the connection credentials.

If the ActiveDirectoryMembershipProvider.EnablePasswordReset property is true, the user cannot change his or her password if the account was previously locked because the user made too many attempts to answer the password question. The user will need to wait the number of minutes specified in the ActiveDirectoryMembershipProvider.PasswordAnswerAttemptLockoutDuration property before changing the password.

If the password change succeeds and the ActiveDirectoryMembershipProvider.EnablePasswordReset property is true, then the user's bad password answer tracking counters are reset.

The provider finds the user instance to update by performing a subtree search for the user name starting at the search point specified in the connection string. See the System.Web.Security.ActiveDirectoryMembershipProvider class topic for more information about connection strings.

To change passwords on an Active Directory server the connectionProtection attribute must be set to ActiveDirectoryConnectionProtection.SignAndSeal.

When using an ADAM server, the connectionProtection attribute can be set to ActiveDirectoryConnectionProtection.None, but only if you explicitly configure the ADAM server to allow password change over unsecured connections.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)
Assembly Versions: 2.0.0.0
Since: .NET 2.0