Changing user password in Active Directory using the JNDI GSS-API/Kerberos5

Similar Messages

• Change password in Active Directory using the JNDI GSS-API/Kerberos

  Hi
  I am trying to the JNDI GSS-API to change a user password.
  When I actually try to change the password using ctx.modifyAttributes(userName, mods), I get the exception:
  09:39:38,163 ERROR [STDERR] javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 ]; remaining name 'CN=USER,OU=Usuarios,DC=testead,DC=br'
  Here's my java code:
  public class ChangePasswordLDAPCommand implements Command {
       static Logger logger = Logger.getLogger(ChangePasswordLDAPCommand.class.getName());
       @SuppressWarnings("unchecked")
       public boolean execute(org.apache.commons.chain.Context context) throws ApplicationException {
            logger.info("Início - execute");
            try {
                 CoreConfig config = CoreConfig.getInstance();
                 String userName = config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_NAME);
                 char[] password = config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_PASSWORD).toCharArray();
                 Subject subject = new Subject();
                 Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
                 Map<String, String> map = new HashMap<String, String>();
                 Map<String, String> shared = new HashMap<String, String>();
                 map.put("com.sun.security.auth.module.Krb5LoginModule","required");
                 map.put("client","true");
                 map.put("useTicketCache","true");
                 map.put("doNotPrompt","true");
                 map.put("useKeyTab","true");
                 map.put("useFirstPass","true");
                 map.put("refreshKrb5Config","true");
                 logger.info(">>>>> map.toString(): "+map.toString());
                 shared.put("javax.security.auth.login.name", config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_NAME));
                 shared.put("javax.security.auth.login.password", config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_PASSWORD));
                 shared.put("javax.net.debug","SSL,handshake,trustmanager");
                 shared.put("sun.security.krb5.debug","true");
                 shared.put("com.sun.jndi.ldap.connect.pool.timeout","30000");
                 logger.info(">>>>> shared.toString(): "+shared.toString());
                 krb5LoginModule.initialize(subject, new UserNamePasswordCallbackHandler(userName,password),shared,map);
                 krb5LoginModule.login();
                 if(krb5LoginModule.commit()){
                      //Recupera o usuario a ser alterado
                      UsuarioTOLDAP usuarioTO = (UsuarioTOLDAP) context.get(CoreConfig.USUARIO_TO_LDAP);
                      logger.info(">>>>>>>>>>>>>>>>>>>>>> subject.toString(): "+subject.toString());
                      Subject.doAsPrivileged(subject, new JndiAction(usuarioTO), null);
            } catch (LoginException e) {
                 e.printStackTrace();
            } catch (PrivilegedActionException e) {
                 e.printStackTrace();
            logger.info("Fim - execute");
            return Command.CONTINUE_PROCESSING;
  @SuppressWarnings("unchecked")
  public class JndiAction implements java.security.PrivilegedExceptionAction{
       private static Logger logger = Logger.getLogger(JndiAction.class.getName());
       private UsuarioTOLDAP usuarioTOLDAP = null;
       public JndiAction(UsuarioTOLDAP usuarioTO) {
            this.usuarioTOLDAP = usuarioTO;
       public Object run() {
            performJndiOperation(usuarioTOLDAP);
            return null;
       @SuppressWarnings("unchecked")
       private static void performJndiOperation(UsuarioTOLDAP usuarioTOLDAP){
            logger.info(">>>>> entrei na JndiOperation");
            try {
                 CoreConfig config = CoreConfig.getInstance();          
                 String distinguishedName = "";
                 String keystore = "C:/Documents and Settings/user/.keystore";
                 System.setProperty(CoreConfig.JAVAX_NET_SSL_TRUSTSTORE,keystore);
                 System.setProperty("com.sun.jndi.ldap.connect.pool.timeout","30000");
                 System.setProperty("javax.net.debug","all");
                 System.setProperty("sun.security.krb5.debug","true");
                 Hashtable env = new Hashtable();
                 env.put(Context.INITIAL_CONTEXT_FACTORY, CoreConfig.INITIAL_CONTEXT_FACTORY);
                 env.put(Context.PROVIDER_URL, config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_URL));
                 env.put(Context.SECURITY_AUTHENTICATION, CoreConfig.SECURITY_PROTOCOL_GSSAPI);
                 env.put(Context.SECURITY_PRINCIPAL, config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_NAME));
                 env.put(Context.SECURITY_CREDENTIALS, config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_ADMIN_PASSWORD));
                 env.put(CoreConfig.JAVAX_NET_SSL_TRUSTSTORE,keystore);
                 env.put("javax.security.sasl.qop","auth-int");
                 env.put("javax.security.sasl.strength","high");
                 env.put("javax.security.sasl.server.authentication","true");
                String userName = "CN=USER,"+config.getProperty(CoreConfig.PARAM_CONFIG_LDAP_BASE_DN);
                 // Cria o contexto inicial de acesso ao LDAP
                 //DirContext ctx = new InitialDirContext(env);
                 // Create the initial directory context
                 LdapContext ctx = new InitialLdapContext(env,null);
                 //set password is a ldap modfy operation
                 ModificationItem[] mods = new ModificationItem[1];
                 //Replace the "unicdodePwd" attribute with a new value
                 //Password must be both Unicode and a quoted string
                 String newQuotedPassword = "\"" + usuarioTOLDAP.getNovaSenha() + "\"";
                 byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                 mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                 // Perform the update
                 ctx.modifyAttributes(userName, mods);
                 ctx.close();
            } catch (NamingException e1) {
                 e1.printStackTrace();
            } catch (UnsupportedEncodingException e) {
                 e.printStackTrace();
            } catch (IOException e) {
                 // TODO Auto-generated catch block
                 e.printStackTrace();
  }Edited by: c0m4nch3 on Jan 21, 2010 12:13 PM

  Refer to my response for a similar question in http://forums.sun.com/thread.jspa?threadID=5416736
  Also the following may be related: http://forums.sun.com/thread.jspa?threadID=5196192
  Good luck.

• Problem during the changing of  Password in Active Directory

  Hello All !
  I am facing a problem during the password modification
  in active directory, i got the same exception as other are getting i.e
  javax.naming.OperationNotSupportedException: [LDAP: error code  53 - 00002077: SvcErr: DSID-03190959, problem 5003 (WILL_NOT_PERFORM), data 0
                     Can any body help me how i will come to know that 128 bit
    Encryption is done successfully. Although i Installed the  MS High Encryption  Pack but it's registry is not done in Conrol Panel.
  is this a problem(as i think) ?
      I am giving the code please check it out->
                        import java.util.Hashtable;
  import javax.naming.*;
  import javax.naming.ldap.*;
  import javax.naming.directory.*;
  //import java.io.*;
  //import javax.net.ssl.*;
  //import java.security.*;
  import java.io.UnsupportedEncodingException;
  public class setpassword
       public static void main (String[] args)
            Hashtable env = new Hashtable();
            String adminPassword = "";
            String userName = "ou=MCA,ou=Trainee,dc=ControlsNet,dc=local";
            String newPassword = "yadav";
            String keystore = "D:\\j2sdk1.4.2_12\\jre\\lib\\security\\cacerts";
            System.setProperty("javax.net.ssl.trustStore",keystore);
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,"[email protected]");
            env.put(Context.SECURITY_CREDENTIALS,adminPassword);
            env.put(Context.SECURITY_PROTOCOL,"ssl");
            String ldapURL = "ldap://gateway.ControlsNet.local:636/";
            env.put(Context.PROVIDER_URL,ldapURL);
            try {
                 LdapContext ctx = new InitialLdapContext(env,null);
            ModificationItem[] mods = new ModificationItem[1];
                 String newQuotedPassword = "\"" + newPassword + "\"";
                 byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                 mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                 ctx.modifyAttributes(userName, mods);
            System.out.println("Reset Password for: " + userName);     
                 ctx.close();
            catch (NamingException e) {
                 System.out.println("Problem resetting password: " + e);
            catch (UnsupportedEncodingException e) {
                 System.out.println("Problem encoding password: " + e);
  Please reply me immideiately as soon as you see this problem.
  I think some of u already solved this problem. thanks in advance.

  Believe it or not, looks similar to the problem in the post http://forum.java.sun.com/thread.jspa?threadID=580113&tstart=0
  More unbelievable is the huge security hole in your network !String adminPassword = "";
  env.put(Context.SECURITY_PRINCIPAL,"[email protected]");
  env.put(Context.SECURITY_CREDENTIALS,adminPassword);An administrator with a blank password !
  The ldap standard (rfc 2251) defines an anonymous user as a user with a null passsword. By default, Active Directory does not allow anonymous users to perform searches against the directory, let alone reset a user's password.

• Mac os x wiki server can't authenticate user password from active directory recently after we upgraded to windows 2008 server.

  after upgraded to windows 2008 server, our  mac os x wiki server can't authenticate user password anymore. How can I re-bind the wiki server to the AD again? thanks in advance.

  Solved it by deleting the user and creating a new one with the same userID.
  Maybe it occured because I marked the "user has to change password after first login" box when resetting the password but didn't yet allow him to do so in the webpages menu?!?

• My 5-minute-old AppleId account was disabled immediately for security reasons. I have followed instructions carefully and although I seem to be able to change my password, I cannot login using the new password bcs account disabled for security reasons!

  It is probably something to do with the fact that I am in the Philippines, but what am I supposed to do? According to the support options I have to pay to open a support ticket. My account was not verified when it was disabled and I think I might be in some sort of deadlock in which the password reset won't work because I'm not verified, and the verification won't work because I can't log in.
  I've never bought a single Apple product before and this has got to be the worst intro I could have imagined!

  Solved.
  After about an hour on the phone with US support (who were very helpful I must say) it turns out that if you do not have an iTunes account with credit card information and a billing address, you are very much more likely to get your AppleId account disabled "for security reasons". This begs the question of course as to whose security we are talking about here! But there you go. If you are an Apple first-timer, get an iTunes account, fill in all your details, and you should be alright.
  Thanks for everyone's suggestions.

• Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

  Hi,
  Since we implemented Cisco ISE we receive the following failure on several Notebooks:
  Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
  This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
  The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
  Why is this happening?
  Thanks,
  Marc

  The possible causes of this error message are:
  1.] If the end user entered an incorrect username.
  2.] The shared sceret between WLC and ISE is mismatched. With this we'll see continous failed authentication.
  3.] As long as a PSN not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In majority of cases it says eap session timed out.
  In your cases, the 3rd option seems to be the most closest one.
  Jatin Katyal
  - Do rate helpful posts -

• How Can I change all User Passwords Within a Directory Instance

  Hi Experts,
  I've been asked to refresh an old directory instance with some production data.  Easy enough I thought, however, the user has requested that all user passwords within the old directory instance are preserved.  Is that at all possible?  My chain of thought was that I can extract user passwords from the old instance into a file: -
  # ldapsearch -D cn="Directory Manager" -w xxxxxxxx -b o=xxxxxxx objectclass=* userpassword > <name of file>
  And then then use ldapmodify (or alike) to re-import the user passwords once I've refresh the old instance with the production data.  However, to my knowledge, in order to modify a particular entry via a file, i'd need the following format: -
  dn: gci=-1,ou=people,o=xxxxxxxx
  changetype: modify
  replace: userpassword
  userpassword: xxxxxxxxxxxxxxxx
  The only information I have in the file I created using the ldapsearch command above is as follows: -
  dn: gci=-1,ou=people,o=xxxxxxxx
  userpassword: xxxxxxxxxxxxxxxx
  I don't want to have to edit the file and add the relevant missing entries accordingly as the generated file has somewhere in the region of 150 thousand entries.
  Am I approaching this the correct way?  Is there any other mean of achieving my requirement.
  Thanks in Advance.

  Hi,
  It does not seem a big deal to add the missing lines to your output file.
  For instance, the following awk command should do the trick
  cat search.out
  dn: gci=-1,ou=people,o=xxxxxxxx
  userpassword: xxxxxxxxxxxxxxxx
  cat search.out | awk '/userpassword/ {print "changetype: modify} ; print "replace: userpassword"; }  {print $0}
  dn: gci=-1,ou=people,o=xxxxxxxx
  changetype: modify
  replace: userpassword
  userpassword: xxxxxxxxxxxxxxxx
  Then you can use ldapmodify to apply your changes
  -Sylvain

• Creating MailBox-enabled Users In Active Directory Using JNDI

  Thanks to the Various code samples i have come across in this forum i have been able to use the JNDI API to add a new user to the Microsoft Active directory.
  The user account that was added using a combination of the various code samples was already enabled. but the problem is that the user does not have an Exchange MailBox created/enabled as well.
  When attempts were made to access the users IMAP mailbox from an external webmail client, the following message:
  "No Such Object On The Server"
  Was Recieved.
  I am wondering wether there is an attribute i am missing out. or something.
  i would welcome any suggestions.
  please treat as urgent.
  thank you in anticipation
  Below is the list of attributes i set:
  BasicAttributes ba=new BasicAttributes();
  ba.put(new BasicAttribute("userPrincipalName","[email protected]"));
  ba.put(new BasicAttribute("sAMAccountName","fagu"));
  ba.put(new BasicAttribute("title","Anyhow"));
  ba.put(new BasicAttribute("mail","[email protected]"));
  ba.put(new BasicAttribute("mailNickname","fagu"));
  ba.put(new BasicAttribute("objectClass","user"));
  ba.put(new BasicAttribute("displayName","Festus Agu"));
  ba.put(new BasicAttribute("sn","Agu"));
  ba.put(new BasicAttribute("userAccountControl","66048"));
  //ba.put(new BasicAttribute("unicodePwd ","fagu"));
  ba.put(new BasicAttribute("mDBUseDefaults","TRUE"));
  ba.put(new BasicAttribute("homeMTA","CN=Microsoft MTA,CN=XSOCKET2,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=SocketWorks,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=socketworkscorp,DC=localdomain"));
  ba.put(new BasicAttribute("msExchHomeServerName", "/o=SocketWorks/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=XSOCKET2"));
  ba.put(new BasicAttribute("distinguishedName","CN=Festus"));

  I am trying to create a MailBox enabled user in AD.I am setting all the attributes that are mentioned above.
  Still i am unable to create a user.I guess i am messing up with password and getting error "javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031D0AAB,
  problem 5003 (WILL_NOT_PERFORM), data 0"
  Is it that SSL is must to create a user.I saw a certificate on Exchange server.But i am using a simple protocal to create a user.
  Please help me with the steps needed to create a user if i have to use SSL or is there is any settings to be turned on the server.
  Thanks!!
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             

• Problem in provisioning user from oim to active directory using ssl

  hi,
  problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
  15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
  15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectTo
  AvailableAD():simple bind failed: 172.16.30.35:636
  15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter so
  me problems: Must set a query before executing
  com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
  at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
  at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
  at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
  at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
  at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
  at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
  at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.co
  nnectToAvailableNextAD(Unknown Source)
  at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.se
  archResultPageEnum(Unknown Source)
  at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Un
  known Source)
  at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Sour
  ce)
  at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
  at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionActi
  on.run(Unknown Source)
  at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source
  at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown S
  ource)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
  ava:520)
  can any one help.
  Thanks and Regards,
  praveen,

  Are you able to connect to AD over SSL through some LDAP Browser ?
  Check the validity of Certificate ?
  Does your certificate appear in the list ?

• How to use Powershell to update user details in Active Directory?

  Hi,
  I received an updated contact list from HR of about 1500 names, and I want to update (make corrections and add missing data) ADUC quickly without having to do each user manually. How would I go about that using power-shell?
  The fields that need updating are:
  Under the General tab -> Description, Telephone number
  Everything under the Address tab
  Under the Telephone tab - > Mobile
  Under the Organization tab -> Job Title, Department, Company, Manager
  The server we're using is Windows Server 2008 R2.
  Many thanks,
  Nick

  There are 100 of such scripts are there online.
  here are few tips and codes. you will get more.  
  https://gallery.technet.microsoft.com/scriptcenter/Feeding-data-to-Active-0227d15c
  http://blogs.technet.com/b/heyscriptingguy/archive/2012/10/31/use-powershell-to-modify-existing-user-accounts-in-active-directory.aspx
  http://powershell.org/wp/forums/topic/ad-import-csv-update-attributes-script/
  Please mark this as answer if it helps

• I'm trying to reinstall Mavericks on used Macbook Pro. When I log in to my Apple ID, it says it was not the same ID used to purchase Mountain Lion. I need to change user/admin as a lot of the folders and apps are in Chinese!

  I'm trying to reinstall Mavericks on used Macbook Pro. When I log in to my Apple ID, it says it was not the same ID used to purchase Mountain Lion. I need to change user/admin as a lot of the folders and apps are in Chinese!

  The first thing you should do with a second-hand computer is to erase the internal drive and install a clean copy of OS X. How you do that depends on the model. Look it up on this page to see what version was originally installed.
  If the machine shipped with OS X 10.4 or 10.5, you need a boxed and shrink-wrapped retail Snow Leopard (OS X 10.6) installation disc, which you can get from the Apple Store or a reputable reseller — not from eBay or anything of the kind. If the machine has less than 1 GB of memory, you'll need to add more in order to install 10.6. I suggest you install as much memory as it can take, according to the technical specifications.
  If the machine shipped with OS X 10.6, you need the installation media that came with it: gray installation discs, or a USB flash drive for some MacBook Air models. If you don't have the media, order replacements from Apple. A retail disc, or the gray discs from another model, will not work.
  To boot from an optical disc or a flash drive, insert it, then reboot and hold down the C key at the startup chime. Release the key when you see the gray Apple logo on the screen.
  If the machine shipped with OS X 10.7 or later, you don't need media. It should boot into Internet Recovery mode when you hold down the key combination option-command-R at the startup chime. Release the keys when you see a spinning globe.
  Once booted from the disc or in Internet Recovery, launch Disk Utility and select the icon of the internal drive — not any of the volume icons nested beneath it. In the Partition tab, select the default options: a GUID partition table with one data volume in Mac OS Extended (Journaled) format. This operation will permanently remove all existing data on the drive, which is what you should do.
  After partitioning, quit Disk Utility and run the OS X Installer. When the installation is done, the system will automatically reboot into the Setup Assistant, which will prompt you to transfer the data from another Mac, its backups, or from a Windows computer. If you have any data to transfer, this is usually the best time to do it.
  You should then run Software Update and install all available system updates from Apple. If you want to upgrade to a major version of OS X newer than 10.6, buy it from the Mac App Store. Note that you can't keep an upgraded version that was installed by the previous owner. He or she can't legally transfer it to you, and without the Apple ID you won't be able to update it in Software Update or reinstall, if that becomes necessary. The same goes for any App Store products that the previous owner installed — you have to repurchase them.
  If the previous owner "accepted" the bundled iLife applications (iPhoto, iMovie, and Garage Band) in the App Store so that he or she could update them, then they're linked to that Apple ID and you won't be able to download them without buying them. Reportedly, Apple customer service has sometimes issued redemption codes for these apps to second owners who asked.
  If the previous owner didn't deauthorize the computer in the iTunes Store under his Apple ID, you wont be able toauthorize it under your ID. In that case, contact iTunes Support.

• HT4759 My iCloud email address and my apple ID are different. I would like to change my iCloud to be the same as my apple ID. However I don't know my iCloud password and don't use the email address it belongs to. When I try to change the password, apple b

  My iCloud email address and my apple ID are different. I would like to change my iCloud to be the same as my apple ID. However I don't know my iCloud password and don't use the email address it belongs to. When I try to change the password, apple brings me to a page to reset my apple ID password (which I know and don't want to change). I have even tried to delete my iCloud account completely to start again but am not allowed without the iCloud password (which I don't have) there doesn't seem to be a place to change the email address of iCloud. What can I do?

  This is the answer that I had expected, so in this case you could only change your gmail.com address to another providers email addres e.g. outlook.com, yahoo.com, etc., but you won't be able to change the gmail.com address to a icloud.com email address. Apple just won't let you do that.
  Your iCloud account with @icloud.com email address and you Apple ID with gmail.com address are already connected and as I said before, Apple just let you merge this two IDs together.

• I just set an administrators name (my full name) and password for parental controls (using the one I always use) and now after restarting and trying to make changes to aprental controls it does not recognize my password

  I just set an administrators name (my full name) and password for parental controls (using the one I always use) and now after restarting and trying to make changes to aprental controls it does not recognize my password

  Hello, do you have another admin account to log into for a test?

• I changed my Apple ID and password. When I use the Apple ID it still show up at old Apple ID. I can't login or purchase anything

  I changed my Apple ID and password. When I use the Apple ID it still show up at old Apple ID. I can't login or purchase anything??? What can I do??

  Hi,
  I had this problem too. Log out on everything you can be logged on with your apple id. After that log in with your new email and password. Hope it helps!

• Portal Password Reset - Active Directory - Urgent

  Friends
  We are using SAP Portal 6.0 SP 18.  The Portal UME data source has been configured with Microsoft ADS.
  Now we have an requirement to change the user Password in the Active Directory from the Portal.
  How can we achieve this...?  I am OK even to do some development for this.
  Please let me know the mechanism.

  You can use the UME API to change your own password on a Microsoft Active Directory server, but before that please see the SAP note 876938. Also please see the SAP note 613577, this note have an attachment, it is very helpful. Useful blog <a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1789">User management API in WebDynpro</a> for how to use UME API's.
  Regards,
  Nitin