
Description

Reset AD User Password failing with "The server is unwilling to process the request"

HRESULT: [-2147016651]

Stack Trace: at System.DirectoryServices.DirectoryEntry.CommitChanges()
at CommitChanges(Object , Object[] )
at System.Management.Automation.DotNetAdapter.AuxiliaryMethodInvoke(Object target, Object[] arguments, MethodInformation methodInformation, Object[] originalArguments.

Release or Environment

All releases

Cause

This error is thrown when the password requirement has changed on the AD side in the customer's environment. If you are using the script include "PwdCryptoSecureAutoGenPassword", it generates a password of 8-12 characters.

If the password requirement on the AD side is more than 12 characters, AD reports the error "The server is unwilling to process the request".

Resolution

In the script include "PwdCryptoSecureAutoGenPassword", you can modify the number of characters in the generated password. For example, with the following changes the script generates a random password of between 13 and 19 characters.

var pwdBaseLength = secureRandom.getSecureRandomIntBound(3) + 10; // will generate a minimum of 10, max of 13
var newPwd = secureRandom.getSecureRandomString(pwdBaseLength);
var numSpecialCharacters = secureRandom.getSecureRandomIntBound(3) + 3; // change this from 1 to 3; will generate a min of 3, max of 6

Please make the changes accordingly and test them in your sub-prod instance before you move them to production.
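
As an added illustration (stand-alone Node.js, not the ServiceNow script include and not its secureRandom API), the following example reproduces the length arithmetic above and rejects a generator configuration whose shortest possible password is below the directory's minimum, so the mismatch is caught before a reset is sent to AD. The character sets, function names and the split of the original 8-12 range are assumptions made for the example.

```javascript
// Added example: stand-alone Node.js, not ServiceNow code.
const crypto = require('node:crypto');

// Constructed character sets; the real script include may use different ones.
const ALNUM = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const SPECIAL = '!@#$%^&*-_=+';

// Uniform integer in [min, max], both ends inclusive.
function randInt(min, max) {
  return crypto.randomInt(min, max + 1);
}

function pick(alphabet) {
  return alphabet[crypto.randomInt(alphabet.length)];
}

// cfg = { baseMin, baseMax, specialMin, specialMax }
function lengthRange(cfg) {
  return { min: cfg.baseMin + cfg.specialMin, max: cfg.baseMax + cfg.specialMax };
}

// Check the shortest password the generator can emit, not one sample:
// a sample can pass while a later, shorter password fails at reset time.
function assertMeetsPolicy(cfg, policyMinLength) {
  const { min } = lengthRange(cfg);
  if (min < policyMinLength) {
    throw new RangeError(`generator can emit ${min} chars, policy needs ${policyMinLength}`);
  }
}

function generatePassword(cfg, policyMinLength) {
  assertMeetsPolicy(cfg, policyMinLength);
  const chars = [];
  for (let i = randInt(cfg.baseMin, cfg.baseMax); i > 0; i--) chars.push(pick(ALNUM));
  for (let i = randInt(cfg.specialMin, cfg.specialMax); i > 0; i--) {
    // Insert each special character at a random position.
    chars.splice(crypto.randomInt(chars.length + 1), 0, pick(SPECIAL));
  }
  return chars.join('');
}

// Lengths from the article after the change: base 10-13, special 3-6.
const UPDATED = { baseMin: 10, baseMax: 13, specialMin: 3, specialMax: 6 };
// Constructed split that adds up to the article's original 8-12 range.
const ORIGINAL = { baseMin: 7, baseMax: 8, specialMin: 1, specialMax: 4 };
```

Calling generatePassword(ORIGINAL, 13) throws a RangeError, while generatePassword(UPDATED, 13) returns a password of 13 to 19 characters.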

Article Information

Last Updated: 2020-03-16 12:56:25
Published: 2020-03-16