Problem
I have received the error “System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
— End of inner exception stack trace —
at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
at System.DirectoryServices.AccountManagement.SDSUtils.ChangePassword(DirectoryEntry de, String oldPassword, String newPassword)
at System.DirectoryServices.AccountManagement.ADStoreCtx.ChangePassword(AuthenticablePrincipal p, String oldPassword, String newPassword)” when I try to change an AD user password using C# code.
This is my C# code:
var userEntry = new DirectoryEntry("LDAP://<GUID=" + guid + ">"); userEntry.Invoke("ChangePassword", new object[] { oldPassword, newPassword }); userEntry.CommitChanges();
Solution
In my case, the reason for this error is that the problematic user has the property “UserCannotChangePassword” as true. You can check the user’s Account options: User cannot change password through ADUC console.