- LdapException.ServerErrorMessage
What setting / condition "decides" weather or not the LdapException.ServerErrorMessage is populated with the correct value when an account is set to MustChangePassword.
8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 773, v1db0
instead of
comment: AcceptSecurityContext error, data 0
- ComponentModel.Win32Exception
when using LogonUser from advapi32.dll and catching the ComponentModel.Win32Exception
the NativeErrorCode property sometimes is blank event when the account is set to user must change passeord.
Background:
the context is always within a Enterprise admin user. ( IE the executable / windows service is launched under the Ent. Admin user )
the application I am working on needs to validate user logons ( and return the correct reason why a failure occurs ( locked, change password disabled etc) in a multi forest environment with full trusts between the forest roots. some of the domains are 2003 r2 some are 2008 r2 and some are 2012. I am noticing the lack of reasons coming back when dealing with the 2003 r2 AD machines. btw if the account is NOT set to change password or is locked I am always able to validate the positives )