ActiveDirectoryMembershipProvider.ChangePassword Method (String, String, String)



Changes the password for the specified user.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

	Unrestricted = true)]
	Unrestricted = true)]
	Unrestricted = true)]
public override bool ChangePassword(
	string username,
	string oldPassword,
	string newPassword
)


Parameters

username
Type: System.String

The name of the user to update the password for.

oldPassword
Type: System.String

The current password for the specified user.

newPassword
Type: System.String

The new password for the specified user.

Return Value

Type: System.Boolean

true if the password was updated successfully; otherwise, false.

Exception Condition

username is empty, or exceeds the maximum length for the user name (usually 256 characters).

- or -

username contains commas.

- or -

The user name is mapped to the userPrincipalName attribute and the username parameter contains backslashes.

- or -

oldPassword or newPassword is a zero-length string.

- or -

oldPassword or newPassword exceeds the maximum password length (usually 128 characters).

- or -

newPassword is less than the minimum password size specified in the MinRequiredPasswordLength property.

- or -

newPassword contains fewer than the number of non-alphabetic characters specified in the MinRequiredNonAlphanumericCharacters property.

- or -

newPassword fails validation by the regular expression defined in the PasswordStrengthRegularExpression property.


username is null.

- or -

oldPassword is null.

- or -

newPassword is null.


newPassword does not meet the complexity requirements defined by the Active Directory server.


A secure connection could not be made to an Active Directory Application Mode server.


The ChangePassword method is called before the ActiveDirectoryMembershipProvider instance is initialized.


An unhandled exception occurred.

The ChangePassword method is used to update the user's password in the Active Directory data store. Regardless of the credentials that the ActiveDirectoryMembershipProvider instance is configured to use, the provider connects to the Active Directory server using the username and oldPassword parameters as the connection credentials.

If the EnablePasswordReset property is true, the user cannot change his or her password if the account was previously locked because the user made too many attempts to answer the password question. The user will need to wait the number of minutes specified in the PasswordAnswerAttemptLockoutDuration property before changing the password.

If the password change succeeds and the EnablePasswordReset property is true, then the user's bad password answer tracking counters are reset.

The provider finds the user instance to update by performing a subtree search for the user name starting at the search point specified in the connection string. See the ActiveDirectoryMembershipProvider class topic for more information about connection strings.

To change passwords on an Active Directory server, the connectionProtection attribute must be set to SignAndSeal.

When using an ADAM server, the connectionProtection attribute can be set to None, but only if you explicitly configure the ADAM server to allow password change over unsecured connections.
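
The following is an added example, not part of the original reference page: a wrapper that maps the outcomes described above (false return, argument failures, directory policy rejection, connection failure) to a single result type for the caller. PasswordChangeService and PasswordChangeResult are hypothetical names, and the exception types caught are assumptions, because the exception list on this page gives only the conditions.

```csharp
using System;
using System.Configuration.Provider;
using System.Web.Security;

// Hypothetical names, added for illustration; not part of System.Web.
public enum PasswordChangeResult
{
    Changed, Rejected, InvalidInput, PolicyViolation, ProviderFailure
}

public static class PasswordChangeService
{
    public static PasswordChangeResult TryChange(
        MembershipProvider provider, string username,
        string oldPassword, string newPassword)
    {
        if (provider == null) throw new ArgumentNullException("provider");
        try
        {
            // The provider connects as username/oldPassword (see the remarks
            // above), not with the credentials it is configured to use.
            bool changed = provider.ChangePassword(username, oldPassword, newPassword);
            return changed ? PasswordChangeResult.Changed
                           : PasswordChangeResult.Rejected;
        }
        catch (ArgumentException)
        {
            // Assumed type (ArgumentNullException derives from it): null,
            // empty or over-long values, or a newPassword that fails the
            // provider's length, non-alphanumeric or regular-expression checks.
            return PasswordChangeResult.InvalidInput;
        }
        catch (MembershipPasswordException)
        {
            // Assumed type: the directory's own complexity rules rejected
            // newPassword.
            return PasswordChangeResult.PolicyViolation;
        }
        catch (ProviderException)
        {
            // Assumed type: for example, no secure connection could be made.
            return PasswordChangeResult.ProviderFailure;
        }
    }
}
```

Show the user one generic failure message for Rejected, and keep both password values out of logs and error reports.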

.NET Framework
Available since 2.0