Using Java To Reset AD Password

Using Java To Reset AD Password


Sample code that looks up a user's distinguished name and then replaces that account's password with a randomly generated one.

import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;

import javax.naming.*;
import javax.naming.directory.*;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

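/**
 * Looks up an Active Directory account over LDAPS and resets its password.
 *
 * <p>All three public operations bind with a service account using a simple (clear-text) bind,
 * which is why the connection is always made over TLS on port 636. Certificate validation is
 * left to the JVM's default truststore: the domain controller's certificate, or its issuing CA,
 * must be imported there (for example with {@code keytool -importcert}). {@link #trustSelfSignedSSL()}
 * is retained only for reference and is no longer invoked automatically.
 *
 * <p>Errors are reported as {@link NamingException}; earlier revisions returned the exception text
 * in place of the result, which let callers mistake an error message for a DN or a password.
 */
public class ADPasswordReset {

	/** JNDI LDAP provider used for every connection. */
	private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

	/** Characters a generated password is drawn from: digits and lowercase letters (36 symbols). */
	static final String DEFAULT_PASSWORD_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";

	/**
	 * Length of a generated password. Eight symbols from a 36-symbol alphabet is roughly 41 bits of
	 * entropy, and the lowercase+digit alphabet typically does not satisfy AD's default complexity
	 * policy; callers that can accept longer or mixed-class passwords should use
	 * {@link #generatePassword(int, String)} directly.
	 */
	static final int DEFAULT_PASSWORD_LENGTH = 8;

	/** CSPRNG for password generation. SecureRandom is thread-safe, so one shared instance suffices. */
	private static final SecureRandom RANDOM = new SecureRandom();

	/**
	 * Generates a random password and stores it in the account's {@code unicodePwd} attribute.
	 *
	 * @param serverIP          host name or IP address of the domain controller (port 636 is used)
	 * @param Principal         DN or UPN of the service account that binds to the directory
	 * @param PrincipalPassword password of the service account
	 * @param username          distinguished name of the account whose password is reset (what
	 *                          {@link #pullUserDn} returns), not a bare login name
	 * @return the new clear-text password; the caller must deliver it securely and must not log it
	 * @throws NamingException if the bind or the modification fails, including when the directory
	 *                         rejects the new value under the domain password policy
	 */
	public static String updatePassword(String serverIP, String Principal, String PrincipalPassword, String username)
			throws NamingException {
		String newPassword = generatePassword(DEFAULT_PASSWORD_LENGTH, DEFAULT_PASSWORD_ALPHABET);
		DirContext ldapContext = connect(serverIP, Principal, PrincipalPassword);
		try {
			ModificationItem[] mods = {
				new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
						new BasicAttribute("UnicodePwd", encodeUnicodePwd(newPassword)))
			};
			ldapContext.modifyAttributes(username, mods);
		} finally {
			ldapContext.close();
		}
		return newPassword;
	}

	/**
	 * Returns the {@code distinguishedName} of the single entry matching {@code query}.
	 *
	 * @param serverIP          host name or IP address of the domain controller
	 * @param Principal         DN or UPN of the service account
	 * @param PrincipalPassword password of the service account
	 * @param domain            search base, e.g. the DN of the domain
	 * @param query             complete LDAP filter, e.g. {@code (sAMAccountName=jdoe)}. Do not build it
	 *                          by concatenating untrusted input; use the
	 *                          {@code DirContext.search(name, filterExpr, filterArgs, controls)}
	 *                          overload, which escapes the arguments, if the value comes from a user
	 * @return the DN of the matched entry
	 * @throws NamingException if the bind or search fails, no entry matches, or more than one does
	 */
	public static String pullUserDn(String serverIP, String Principal, String PrincipalPassword, String domain, String query)
			throws NamingException {
		return lookupSingleValue(serverIP, Principal, PrincipalPassword, domain, query, "distinguishedname");
	}

	/**
	 * Returns the {@code sAMAccountName} of the single entry matching {@code query}.
	 * Same parameters and failure modes as {@link #pullUserDn}. The entry's other attributes are
	 * intentionally not printed.
	 */
	public static String pullUserSamAName(String serverIP, String Principal, String PrincipalPassword, String domain, String query)
			throws NamingException {
		return lookupSingleValue(serverIP, Principal, PrincipalPassword, domain, query, "samaccountname");
	}

	/**
	 * Installs a process-wide {@link SSLContext} whose trust manager accepts every certificate.
	 * That disables server authentication for ALL TLS connections made by this JVM, not just LDAP,
	 * so anyone on the network path can read the service-account bind and the new password.
	 * Nothing in this class calls it; trust the domain controller's certificate via the truststore.
	 *
	 * @deprecated retained for reference only; not for use outside an isolated lab
	 */
	@Deprecated
	public static void trustSelfSignedSSL() {
		try {
			SSLContext ctx = SSLContext.getInstance("TLS");
			X509TrustManager trustAll = new X509TrustManager() {
				@Override
				public void checkClientTrusted(X509Certificate[] chain, String authType) {
					// accepts everything — see class-level warning
				}

				@Override
				public void checkServerTrusted(X509Certificate[] chain, String authType) {
					// accepts everything — see class-level warning
				}

				@Override
				public X509Certificate[] getAcceptedIssuers() {
					return new X509Certificate[0]; // the interface contract requires a non-null array
				}
			};
			ctx.init(null, new TrustManager[] {trustAll}, null);
			SSLContext.setDefault(ctx);
		} catch (NoSuchAlgorithmException | KeyManagementException ex) {
			throw new IllegalStateException("could not install trust-all SSLContext", ex);
		}
	}

	/**
	 * Demo driver. Replace the placeholders with real values. The new password is written to stdout
	 * here only because this is a sample.
	 */
	public static void main(String[] args) throws NamingException {
		String Pn = "dn of service account";
		String Ss = "dn of your domain";
		String Pp = "service account password";
		String Sip = "server ip";
		String s = "LDAP attribute to search by";
		String DnofUser = pullUserDn(Sip, Pn, Pp, Ss, s);
		System.out.println("Got: " + DnofUser);
		String samUser = pullUserSamAName(Sip, Pn, Pp, Ss, s);
		System.out.println("Got: " + samUser);
		System.out.println(updatePassword(Sip, Pn, Pp, DnofUser));
	}

	/**
	 * Builds a random password of {@code length} symbols drawn uniformly from {@code alphabet}
	 * using {@link SecureRandom}.
	 *
	 * @throws IllegalArgumentException if {@code length} is not positive or {@code alphabet} is empty
	 */
	static String generatePassword(int length, String alphabet) {
		if (length <= 0) {
			throw new IllegalArgumentException("password length must be positive: " + length);
		}
		if (alphabet == null || alphabet.isEmpty()) {
			throw new IllegalArgumentException("alphabet must not be empty");
		}
		StringBuilder sb = new StringBuilder(length);
		for (int i = 0; i < length; i++) {
			sb.append(alphabet.charAt(RANDOM.nextInt(alphabet.length())));
		}
		return sb.toString();
	}

	/**
	 * Encodes a password the way AD's {@code unicodePwd} attribute expects it: wrapped in double
	 * quotes and serialized as UTF-16LE without a byte-order mark.
	 */
	static byte[] encodeUnicodePwd(String password) {
		return ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
	}

	/**
	 * Opens an LDAPS connection to {@code serverIP}:636 with a simple bind as {@code principal}.
	 * JNDI's simple bind requires the credential as a String, so it cannot be kept in a char[].
	 */
	private static DirContext connect(String serverIP, String principal, String principalPassword) throws NamingException {
		Hashtable<String, String> ldapEnv = new Hashtable<>();
		ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
		ldapEnv.put(Context.PROVIDER_URL, "ldap://" + serverIP + ":636");
		ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
		ldapEnv.put(Context.SECURITY_PRINCIPAL, principal);
		ldapEnv.put(Context.SECURITY_CREDENTIALS, principalPassword);
		ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl"); // TLS from the first byte (LDAPS), not StartTLS
		return new InitialDirContext(ldapEnv);
	}

	/** Connects, reads one attribute of the single entry matching {@code filter}, and closes the connection. */
	private static String lookupSingleValue(String serverIP, String principal, String principalPassword,
			String base, String filter, String attributeId) throws NamingException {
		DirContext ldapContext = connect(serverIP, principal, principalPassword);
		try {
			return searchSingleValue(ldapContext, base, filter, attributeId);
		} finally {
			ldapContext.close();
		}
	}

	/**
	 * Subtree search for exactly one entry; refuses to guess when the filter is ambiguous, because a
	 * password reset on the wrong account is worse than no reset.
	 */
	private static String searchSingleValue(DirContext ctx, String base, String filter, String attributeId)
			throws NamingException {
		SearchControls ctrl = new SearchControls();
		ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
		ctrl.setReturningAttributes(new String[] {attributeId}); // fetch only the attribute we use
		NamingEnumeration<SearchResult> results = ctx.search(base, filter, ctrl);
		try {
			if (!hasAnotherEntry(results)) {
				throw new NameNotFoundException("no entry under " + base + " matches " + filter);
			}
			Attributes attribs = results.next().getAttributes();
			if (hasAnotherEntry(results)) {
				throw new NamingException("filter " + filter + " matches more than one entry under " + base);
			}
			Attribute attr = attribs.get(attributeId);
			if (attr == null || attr.size() == 0) {
				throw new NamingException("matched entry has no " + attributeId + " value");
			}
			return (String) attr.get(0);
		} finally {
			results.close();
		}
	}

	/**
	 * {@code hasMore()} that treats a {@link PartialResultException} as end-of-results. AD answers
	 * searches rooted at the domain with referrals that the JNDI provider surfaces as this exception
	 * once the real entries are exhausted (presumed from common AD/JNDI behaviour — verify against
	 * the target forest).
	 */
	private static boolean hasAnotherEntry(NamingEnumeration<SearchResult> results) throws NamingException {
		try {
			return results.hasMore();
		} catch (PartialResultException ignored) {
			return false;
		}
	}
}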