Validating AD credentials when the user’s password “must be changed at next logon” using C#

We have several AD controllers in our setup. On controllers running Windows Server 2008 R2, this is not an issue. But if your code is hitting AD controllers running Windows server 2003, the PrincipalContext.ValidateCredentials method will always return false on users that have the “user must change password at next logon” checkbox checked; even if the username and password combination is valid.

The code below is a workaround for the Windows 2003 servers. It pretty much unchecks the checkbox, then validates the credentials, and then re-checks the checkbox.

var adContext = new PrincipalContext(ContextType.Domain, adLocation, adContainer, adAdminUsername, adAdminPassword);

var initialValidation = adContext.ValidateCredentials(username, password);
Console.WriteLine("Initial validation returned: " + initialValidation);

if (!initialValidation)
{
    // maybe validation failed because "user must change password at next logon".
    // let's see if that is the case.

    var user = UserPrincipal.FindByIdentity(adContext, username);
    if (user.LastPasswordSet == null)
    {
        // the user must change his password at next logon. So this might be
        // why validation returned false

        // uncheck the "change password" checkbox and attempt validation again

        var deUser = user.GetUnderlyingObject() as DirectoryEntry;
        var property = deUser.Properties["pwdLastSet"];
        property.Value = -1;
        deUser.CommitChanges();

        // property was unset, retry validation
        adContext.ValidateCredentials(username, password);
        Console.WriteLine("Secondary validation returned: " + adContext.ValidateCredentials(username, password));

        // re check the checkbox
        property.Value = 0;
        deUser.CommitChanges();
  }
}

Unlocking your Verizon phone

I currently own a Verizon HTC Incredible 2 cell phone.

I’m happy with Verizon (they’re the only ones that have good signal inside my house). But when I go outside the USA (I go to Guatemala often), I want to be able to switch the SIM card to one that works with a local mobile service providers. Otherwise I would have to use roaming with Verizon and that is ridiculously expensive.

I gave Verizon a call and they quickly gave me the  “unlock” code for me to enter in my phone. After entering the code, the phone was immediately unlocked! They only made me agree to a very obvious agreement that if I stick another SIM card in there I acknowledged that I was no longer using the Verizon service and Verizon could would not support me while I had that third party SIM card in my phone. But if I then switched back to my Verizon SIM card and ran my phone in CDMA (or Global) mode, I would be supported again.

And one more thing, Verizon uses CDMA. SIM cards are used for GSM. So I tried removing my Verizon SIM card from my phone and I was still able to get Verizon service. Nice to know.

I then stuck a SIM card from a friend that uses T-mobile and switched my Incredible’s mode to GSM, I could make and receive calls as him. Very cool.