Sample code that looks up a user's distinguished name in Active Directory over LDAPS and then replaces that user's password with a freshly generated random one.
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
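/**
 * Sample Active Directory helper: find a user over LDAPS and replace the user's
 * password with a freshly generated random one.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>Every directory connection uses LDAPS on port 636 with the JVM's normal
 *       certificate validation. A domain controller that presents a self-signed
 *       or private-CA certificate must have that certificate imported into the
 *       JVM trust store ({@code keytool -importcert ...} or
 *       {@code -Djavax.net.ssl.trustStore=...}). Do not disable validation: the
 *       bind is a simple bind, so the service-account password and the new user
 *       password are protected by TLS alone.</li>
 *   <li>The search filter passed as {@code query} is sent to the server verbatim.
 *       If any part of it comes from user input, use the filter-arguments overload
 *       of {@code DirContext.search} (placeholders such as {@code (sAMAccountName={0})})
 *       or escape it per RFC 4515, otherwise the caller is open to LDAP filter
 *       injection.</li>
 *   <li>{@link #updatePassword} returns the new password as a {@link String}; it
 *       stays in the heap until garbage-collected, so do not log it.</li>
 *   <li>Lookup and reset failures are reported as unchecked exceptions instead of
 *       being returned as text, so an error message can never be mistaken for a DN
 *       and used as the reset target.</li>
 * </ul>
 */
public class ADPasswordReset {

    /** Password length used by the four-argument {@link #updatePassword}. */
    public static final int DEFAULT_PASSWORD_LENGTH = 16;

    private static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    private static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    private static final String DIGITS = "0123456789";
    // Deliberately excludes '"' (the framing character of the unicodePwd value) and '\\'.
    private static final String SYMBOLS = "!#$%&*+-=?@_";
    private static final String ALL = LOWER + UPPER + DIGITS + SYMBOLS;

    /** Cryptographically strong source for password material; SecureRandom is safe to share. */
    private static final SecureRandom RNG = new SecureRandom();

    private static final int LDAPS_PORT = 636;

    /**
     * Resets the password of {@code username} to a new random password of
     * {@link #DEFAULT_PASSWORD_LENGTH} characters.
     *
     * @param serverIP          host name or IP of the domain controller
     * @param Principal         bind identity of the service account (DN or UPN)
     * @param PrincipalPassword password of the service account
     * @param username          distinguished name of the user to reset (despite the
     *                          parameter name, this must be the full DN, e.g. the value
     *                          returned by {@link #pullUserDn})
     * @return the new password in clear text
     * @throws IllegalStateException if the bind or the modify operation fails
     */
    public static String updatePassword(String serverIP, String Principal, String PrincipalPassword,
                                        String username) {
        return updatePassword(serverIP, Principal, PrincipalPassword, username, DEFAULT_PASSWORD_LENGTH);
    }

    /**
     * Resets the password of {@code username} to a new random password of {@code length}
     * characters. This is an administrative reset ({@code REPLACE_ATTRIBUTE} on
     * {@code unicodePwd}), so the bind account needs the corresponding reset-password
     * right on the target object.
     *
     * @param serverIP          host name or IP of the domain controller
     * @param Principal         bind identity of the service account
     * @param PrincipalPassword password of the service account
     * @param username          distinguished name of the user to reset
     * @param length            number of characters in the generated password (at least 4)
     * @return the new password in clear text
     * @throws IllegalArgumentException if {@code length} is below 4
     * @throws IllegalStateException    if the bind or the modify operation fails
     */
    public static String updatePassword(String serverIP, String Principal, String PrincipalPassword,
                                        String username, int length) {
        String newPassword = generatePassword(length);
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                 new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        DirContext ctx = null;
        try {
            ctx = connect(serverIP, Principal, PrincipalPassword);
            // LdapName rather than a String: JNDI parses a String name as a composite name
            // and would split a DN that contains '/' at that character.
            ctx.modifyAttributes(new LdapName(username), mods);
        } catch (NamingException e) {
            // The message carries the target DN but never the password.
            throw new IllegalStateException("password reset of " + username + " failed: " + e, e);
        } finally {
            closeQuietly(ctx);
        }
        return newPassword;
    }

    /**
     * Returns the {@code distinguishedName} of the single entry under {@code domain}
     * that matches the LDAP filter {@code query}.
     *
     * @param serverIP          host name or IP of the domain controller
     * @param Principal         bind identity of the service account
     * @param PrincipalPassword password of the service account
     * @param domain            search base DN (e.g. the domain's root DN)
     * @param query             LDAP search filter, e.g. {@code (sAMAccountName=jdoe)};
     *                          see the class notes on filter injection
     * @return the entry's distinguished name
     * @throws NoSuchElementException if nothing matches or the attribute is absent
     * @throws IllegalStateException  if the filter matches more than one entry, or the
     *                                bind/search fails
     */
    public static String pullUserDn(String serverIP, String Principal, String PrincipalPassword,
                                    String domain, String query) {
        return lookupAttribute(serverIP, Principal, PrincipalPassword, domain, query, "distinguishedName");
    }

    /**
     * Returns the {@code sAMAccountName} of the single entry under {@code domain} that
     * matches the LDAP filter {@code query}. Same contract and exceptions as
     * {@link #pullUserDn}. Unlike the original sample this no longer dumps the entry's
     * attributes to standard output.
     */
    public static String pullUserSamAName(String serverIP, String Principal, String PrincipalPassword,
                                          String domain, String query) {
        return lookupAttribute(serverIP, Principal, PrincipalPassword, domain, query, "sAMAccountName");
    }

    /**
     * Generates a random password of {@code length} characters containing at least one
     * lower-case letter, one upper-case letter, one digit and one symbol, which is what
     * Windows password-complexity policies typically demand (three of four classes), so
     * the reset is not rejected as too simple. Uses {@link SecureRandom}; a
     * {@code java.util.Random} seeded from the clock, as the original sample did, yields
     * passwords an attacker can reproduce from the approximate reset time.
     *
     * @param length number of characters, at least 4
     * @return the generated password
     * @throws IllegalArgumentException if {@code length} is below 4
     */
    public static String generatePassword(int length) {
        if (length < 4) {
            throw new IllegalArgumentException(
                "length must be at least 4 to hold one character of each class, got " + length);
        }
        List<Character> chars = new ArrayList<>(length);
        chars.add(pick(LOWER));
        chars.add(pick(UPPER));
        chars.add(pick(DIGITS));
        chars.add(pick(SYMBOLS));
        while (chars.size() < length) {
            chars.add(pick(ALL));
        }
        // Shuffle so the four class-guaranteeing characters are not always in front.
        Collections.shuffle(chars, RNG);
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) {
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Encodes a clear-text password the way Active Directory expects the
     * {@code unicodePwd} attribute value: the password wrapped in double quotes and
     * encoded as UTF-16LE without a byte-order mark.
     *
     * @param password clear-text password (must not itself contain '"')
     * @return the attribute bytes
     */
    public static byte[] encodeUnicodePwd(String password) {
        return ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
    }

    /**
     * Formerly installed a trust-everything {@code X509TrustManager} as the JVM's
     * default {@code SSLContext}, which switched off certificate validation for every
     * TLS connection in the process and let anyone on the network path intercept the
     * service-account bind and the new password. It now does nothing except print a
     * warning, and is kept only so existing callers still compile.
     *
     * @deprecated Trust a self-signed domain-controller certificate by importing it
     *             into the JVM trust store instead.
     */
    @Deprecated
    public static void trustSelfSignedSSL() {
        System.err.println("ADPasswordReset.trustSelfSignedSSL(): certificate validation is no longer "
            + "disabled; import the domain controller's certificate into the JVM trust store instead.");
    }

    /** Opens an authenticated LDAPS connection; the caller must close it. */
    private static DirContext connect(String serverIP, String principal, String principalPassword)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + serverIP + ":" + LDAPS_PORT);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        // Simple bind sends the password as-is inside the TLS session; never use it over plain ldap://.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, principalPassword);
        return new InitialDirContext(env);
    }

    /** Shared body of the two lookup methods: one subtree search, exactly one expected hit. */
    private static String lookupAttribute(String serverIP, String principal, String principalPassword,
                                          String domain, String query, String attribute) {
        DirContext ctx = null;
        try {
            ctx = connect(serverIP, principal, principalPassword);
            SearchControls ctrl = new SearchControls();
            ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctrl.setReturningAttributes(new String[] {attribute}); // fetch only what we need
            NamingEnumeration<SearchResult> results = ctx.search(new LdapName(domain), query, ctrl);
            try {
                if (!hasAnotherEntry(results)) {
                    throw new NoSuchElementException("no entry under " + domain + " matches " + query);
                }
                SearchResult entry = results.next();
                // Refuse to guess: resetting the wrong account because a filter was too broad
                // is worse than failing.
                if (hasAnotherEntry(results)) {
                    throw new IllegalStateException("filter " + query + " matches more than one entry under "
                        + domain + "; refusing to pick one");
                }
                Attribute value = entry.getAttributes().get(attribute);
                if (value == null || value.size() == 0) {
                    throw new NoSuchElementException(entry.getName() + " has no " + attribute + " attribute");
                }
                return String.valueOf(value.get(0));
            } finally {
                results.close();
            }
        } catch (NamingException e) {
            throw new IllegalStateException("LDAP lookup of " + attribute + " failed: " + e, e);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Whether another search entry remains. A subtree search from the domain root is
     * typically followed by referrals to other naming contexts, which the JNDI provider
     * surfaces as a {@link PartialResultException} once the real entries are exhausted;
     * for our purpose that means "no more entries".
     */
    private static boolean hasAnotherEntry(NamingEnumeration<SearchResult> results) throws NamingException {
        try {
            return results.hasMore();
        } catch (PartialResultException referralsOnly) {
            return false;
        }
    }

    /** Closes the context; a teardown failure after the operation completed is not actionable. */
    private static void closeQuietly(DirContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // nothing useful can be done with a failed close
        }
    }

    /** Sample driver; replace the placeholders before running. */
    public static void main(String[] args) {
        String Pn = "dn of service account";
        String Ss = "dn of your domain";
        // In real tooling inject this from the environment or a secret store, never a literal.
        String Pp = "service account password";
        String Sip = "server ip";
        // This is an LDAP search filter, not a bare attribute name.
        String s = "(sAMAccountName=user-to-reset)";
        String DnofUser = pullUserDn(Sip, Pn, Pp, Ss, s);
        System.out.println("Got: " + DnofUser);
        String samUser = pullUserSamAName(Sip, Pn, Pp, Ss, s);
        System.out.println("Got: " + samUser);
        // Printed only because this is a sample; real tooling should deliver the new
        // password through a channel that is not a shared log.
        System.out.println(updatePassword(Sip, Pn, Pp, DnofUser));
    }
}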