SetPassword Method of the MIIS_CSObject Class

The SetPassword method sets the password on a connector space object to a new password. This method requires that password synchronization be enabled for the management agent. To use this method, you must be logged on as a member of the MIISPasswordSet security group.

Syntax

string SetPassword(
  [in]  string NewPassword,
  [in]  bool ForceChangeAtLogon,
  [in]  bool UnlockAccount
);

Parameters

  • NewPassword [in]
    Contains the new password.

  • ForceChangeAtLogon [in]
    True to force a user password change at the next logon. The default is False.

    Note  This flag works only with the Management agent for Active Directory and the Management agent for Active Directory global address list (GAL). For other management agents, the operation-not-supported exception will be thrown.

  • UnlockAccount [in]
    True to unlock an account in the connected directory (CD). The default is False.

    Note  This flag works only with the Management agent for Active Directory and the Management agent for Active Directory global address list (GAL). For other management agents, the operation-not-supported exception will be thrown.

Return Value

Returns a string that contains the results of the method. The return value can be one of the following values.

  • success
    The call was successful and the password was changed to the NewPassword parameter.

  • access-denied
    The account that is calling this method is not a member of the appropriate group that can change passwords in the connected data source. Verify that the account running this method can change passwords in the connected data source.

  • ma-access-denied
    The management agent account does not have the right to set the password. Verify that the account running the management agent can change passwords in the connected data source.

  • ma-concurrent-execution
    The management agent cannot set the password because either another management agent of the same type is currently executing or a Set Password call is being made on a management agent of the same type. In ILM 2007 FP1, this error is returned by Lotus Notes management agents.

  • ma-credentials-failure
    The management agent was unable to log on to the connected directory using the stored credentials. Verify that the management agent credentials are correct. For more information about configuring Active Directory management agent credentials, see "Connect to an Active Directory Forest" in the ILM 2007 FP1 Help. For more information about configuring the credentials for the management agent for Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server) and Netscape Directory Server 6.1, see "Specify logon information" in the ILM 2007 FP1 Help.

  • ma-encryption-not-enabled
    The management agent did not set the password because 128-bit encryption has not been configured on the connection used by the management agent to communicate with the connected directory. Enable this encryption on your network.

  • ma-feature-not-supported
    The management agent does not support password changes.

  • ma-object-type-not-supported
    The management agent does not support password changes on this object type.

  • new-password-ill-formed
    The specified NewPassword parameter cannot be used as a password because the parameter contains characters that cannot be entered from a keyboard. Verify that the NewPassword parameter contains only characters that can be entered from a keyboard.

  • new-password-violate-policy
    The specified NewPassword parameter does not comply with the password policy set by the administrator. Verify that the NewPassword parameter complies with the password policy set by the administrator.

  • object-newly-provisioned
    The object has been provisioned as a new object but the object has not been created in the connected directory. You cannot perform password operations until the object has been exported to the connected directory.

  • object-not-found
    The object has been deleted from the server.

  • password-sync-disabled
    The password synchronization setting for the specified management agent is not enabled. Enable password synchronization for the specified management agent.

  • partition-not-configured
    The specified object is in a partition that has not yet been configured. Configure the partition with Identity Manager. For more information about configuring an Active Directory partition, see "Configure directory partitions" in the ILM 2007 FP1 Help.

  • server-down
    The ILM 2007 FP1 server could not connect to the server containing the partition for the object. Verify that the server containing the partition is running and connected to the network.

  • time-difference-at-dc
    The new password cannot be set because the time on the MIIS server differs by more than five minutes from the time on the Active Directory server. By default, the time difference between servers must be less than or equal to five minutes. Synchronize the times between the servers.

Remarks

This method works only with the following management agents:

  • Management agent for Active Directory
  • Management agent for Active Directory Application Mode (ADAM)
  • Management agent for Active Directory global address list (GAL)
  • Management agent for Lotus Notes Release 4.6 or 5.0
  • Management agent for Novell eDirectory 8.62 or 8.7
  • Management agent for Windows NT 4.0
  • Management agent for Sun ONE Directory Server 4.1x and 5.x (formerly iPlanet Directory Server) and Netscape Directory Server 4.1 and 6.01

For the management agent for Active Directory and the management agent for Active Directory global address list (GAL), the preferred domain controller is used to locate the server with the partition that contains the connector space object.

When you call the SetPassword method, an entry is written to the event log. The entry contains information about who made the request, the target of the request, and the status of the request.

Examples

The following example shows how to use Visual Basic Scripting Edition (VBScript) to set the password of the account Jeff in the main domain to NewPassword.

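Option Explicit

On Error Resume Next

Dim Service
Dim CsObjects
Dim CsObject
Dim Result

' Connect to the MIIS WMI namespace.
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
If Err.Number <> 0 Then ErrorHandler "Could not connect to the MIIS WMI provider: " & Err.Description

' Find the connector space object for the account Jeff in the main domain.
Set CsObjects = Service.ExecQuery("Select * from MIIS_CSObject where domain='main' and account='Jeff'")
If Err.Number <> 0 Then ErrorHandler "Query failed: " & Err.Description

For Each CsObject in CsObjects
   Result = CsObject.SetPassword("NewPassword")
   If Err.Number <> 0 Then ErrorHandler "SetPassword failed: " & Err.Description
   WScript.Echo "SetPassword returns " & Result
Next

' Reports the error and exits with a nonzero status.
Sub ErrorHandler (ErrorMessage)
  WScript.Echo ErrorMessage
  WScript.Quit(1)
End Sub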

The following example shows how to use Visual Basic Scripting Edition (VBScript) to set the password of the account Jeff in the main domain to NewPassword. It also forces the user to change the password at the next logon and unlocks the account if it was locked out.

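Option Explicit

On Error Resume Next

Dim Service
Dim CsObjects
Dim CsObject
Dim ForcePasswordChange
Dim UnlockAccount
Dim Result

' Connect to the MIIS WMI namespace.
Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
If Err.Number <> 0 Then ErrorHandler "Could not connect to the MIIS WMI provider: " & Err.Description

' Find the connector space object for the account Jeff in the main domain.
Set CsObjects = Service.ExecQuery("Select * from MIIS_CSObject where domain='main' and account='Jeff'")
If Err.Number <> 0 Then ErrorHandler "Query failed: " & Err.Description

ForcePasswordChange = True  ' Forces the user to change the password at the next logon.
UnlockAccount = True        ' Unlocks the account in case it was locked out.

For Each CsObject in CsObjects
   Result = CsObject.SetPassword("NewPassword", ForcePasswordChange, UnlockAccount)
   If Err.Number <> 0 Then ErrorHandler "SetPassword failed: " & Err.Description
   WScript.Echo "SetPassword returns " & Result
Next

' Reports the error and exits with a nonzero status.
Sub ErrorHandler (ErrorMessage)
  WScript.Echo ErrorMessage
  WScript.Quit(1)
End Sub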
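
The following is an added example, not part of the original topic or of Microsoft's sample code. It wraps the same call so that it refuses query values containing quote or backslash characters, requires exactly one matching connector space object, and retries only on ma-concurrent-execution. The function names, the "local-" result codes, the retry count and delay, and the treatment of ma-concurrent-execution as transient are assumptions of this example.

```vbscript
Option Explicit

Const MAX_ATTEMPTS = 3          ' assumption: retry budget chosen for this example
Const RETRY_DELAY_MS = 5000     ' assumption: wait between attempts

' Rejects characters that would change the meaning of the WQL string literal.
Function IsSafeWqlValue(Value)
  IsSafeWqlValue = (Len(Value) > 0) And (InStr(Value, "'") = 0) _
      And (InStr(Value, """") = 0) And (InStr(Value, "\") = 0)
End Function

' Returns a SetPassword return code, or a "local-" code (hypothetical, defined
' only in this example) when the call is refused before reaching the server.
Function ResetPassword(Domain, Account, NewPassword, ForceChange, Unlock)
  Dim Service, CsObjects, CsObject, Attempt, Result

  If Not (IsSafeWqlValue(Domain) And IsSafeWqlValue(Account)) Then
    ResetPassword = "local-bad-identifier" : Exit Function
  End If

  On Error Resume Next
  Set Service = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
  Set CsObjects = Service.ExecQuery("Select * from MIIS_CSObject where domain='" & _
      Domain & "' and account='" & Account & "'")
  If Err.Number <> 0 Then ResetPassword = "local-query-failed" : Exit Function

  ' The page's loop resets every match; require exactly one target instead.
  If CsObjects.Count <> 1 Then ResetPassword = "local-ambiguous-target" : Exit Function

  For Each CsObject In CsObjects
    For Attempt = 1 To MAX_ATTEMPTS
      Err.Clear
      Result = CsObject.SetPassword(NewPassword, ForceChange, Unlock)
      ' An exception here (for example the flags on a non-Active Directory
      ' management agent) is reported, not retried without the flags.
      If Err.Number <> 0 Then ResetPassword = "local-exception" : Exit Function
      If Result <> "ma-concurrent-execution" Then Exit For
      WScript.Sleep RETRY_DELAY_MS
    Next
  Next
  ResetPassword = Result
End Function

' Constructed sample call; the literal password mirrors the page's sample value.
WScript.Echo "Jeff: " & ResetPassword("main", "Jeff", "NewPassword", True, False)
```

The wrapper echoes only the result code, never the password, and a failed call with ForceChangeAtLogon set is surfaced rather than repeated without the flag.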

Requirements

Product: ILM 2007 FP1
MOF: Mmswmi.mof

Build date: 2/16/2009