Q. How can I create a Web page where users can change their passwords?

A. You can write an Active Server Pages (ASP) script that creates a password-change Web page. ASP gives you complete access to Microsoft Active Directory Service Interfaces (ADSI), which lets you perform a variety of functions, such as changing passwords or creating accounts. When you write such a script, you must consider factors such as the user account under which the script will run and the permissions you want to use when the script runs. The basic ADSI command to change a user's password is

set usr = GetObject("LDAP://CN=John


usr.put "userPassword", NewPassword

The first line (shown as two lines because of space constraints) assigns a handle to user John Savill in domain savilltech.com. The next line puts the text NewPassword into the userPassword attribute.

I've written a short ASP script called Changepass.asp that prompts the user to enter a username and password (remember to change the domain from savilltech.com to your domain). Changepass.asp, which is available at code , is listed below.

strUserCN = request.form("cn")
strNewPassword = request.form("newpass")
strPassVerify = request.form("passverify")

if strUserCN="" then
    response.write "&lthtml&gt&lthead&gt&lttitle&gtChange Password&lt/title&gt&lt/head&gt&ltbody&gt"
    response.write "&ltcenter&gt&lth1&gtWeb Password Reset&lt/h1&gt&lt/center&gt"
    response.write "&lthr&gt&ltbr&gt&ltbr&gt&ltform method=post action=changepass.asp&gt&lttable&gt"
    response.write "&lttr&gt&lttd&gtCN: &lt/td&gt&lttd&gt&ltinput type=text name=cn&gt&lt/td&gt&lttr&gt"
    response.write "&lttr&gt&lttd&gtNew Password: &lt/td&gt&lttd&gt&ltinput type=password name=newpass&gt&lt/td&gt&lt/tr&gt"
    response.write "&lttr&gt&lttd&gtVerify Password: &lt/td&gt&lttd&gt&ltinput type=password name=passverify&gt&lt/td&gt&lt/tr&gt"
    response.write "&lttr&gt&lttd colspan=2 align=center&gt&ltinput type=submit value='Reset Password'&gt&lt/td&gt&lt/tr&gt"
    response.write "&lt/table&gt&lt/body&gt&lt/html&gt"

if strNewPassword = strPassVerify then

set usr = GetObject("LDAP://CN=" & strUserCN & ",CN=Users,DC=savilltech,DC=com")

usr.put "userPassword", strNewPassword

response.write "&lthtml&gt&lthead&gt&lttitle&gtResults&lt/title&gt&lt/head&gt&ltcenter&gt&lth1&gtUpdate Results&lt/h1&gt&lt/center&gt&lthr&gt&ltbr&gt&ltbr&gt"
response.write strUserCN & ": password was successfully updated"


    response.write "&lthtml&gt&lthead&gt&lttitle&gtError!&lt/title&gt&lt/head&gt&ltbody&gt"
    response.write "&ltcenter&gt&lth1&gtAn Error Has Occurred!&lt/h1&gt&lt/center&gt"
    response.write "&lthr&gt&ltbr&gt&ltbr&gt"
    response.write "The password and confirmation do not match. Please go back and try again."

end if
end if

Windows Server 2003 provides its own Web pages for password changes, which I discuss in the FAQ "Does Windows Server 2003 provide a way to let users change their passwords remotely on the Web?". However, you might find the sample ASP script useful for creating password-change interfaces on your own Web pages or sites.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.