eh? not sure what you mean here - "admin permissions can use resetpassword call to reset a user with an invalidated token" - what do you mean? The permissions are just a list of functions, they can't do anything on their own.
Did you indeed create a front end for sbadmcl.exe? It would have been much cleaner to use the COM object instead (and a lot less work on the server since you can use persistent connections in COM, but not shelling out to the exe).
I'm a novice and did what I knew how, but has nothing to do with my question. I have three permission levels. For the sake of arguement, I say 1,2 and 3 with 1 being the highest. level 3 being a user.
If I try to use resetpassword call as level 1 to reset a level 2 with invalidated token, it fails and I have to use the console and it works there.
If I try to use resetpassword call as level 2 to reset a level 3 with invalidated token, it works.
not sure I can see how this can be true - you can only modify the properties of someone with a lower admin level than yourself, unless you are level 32, then you can also reset other level 32 users.
So, level 1 should not be able to reset anyone, level 2 can only reset level 1, level 3, only levels 1 and 2 etc.
I agree with you Simon, it doesn't make sense, but this is what I'm seeing as I test it. With your level structure in your last post, when level 3 tries to reset level 2 with invalidated token... it comes back with the token is invalidated. I log into console and it works fine. So, I do have permissions to do it.
you're doing resetpassword in EEM, not "Create Token"?
certainly though, you can't (successfully) reset the password of an invalidated token - you need to recreate it. Once its been invalidated, it's zeroed beyond recovery.
Well, we have talked before and I have tried to ask you again, but you never answered. You stated that resetpassword call is like creating a new token, so I tested it. It indeed will resetpassword for a level one with an invalidated token. I've been testing it for two weeks now.
BTW, you got me reading about COM now.
So, if using COM and 99% of the connections will be transient, what is the advantage over shelling?
Also, Are you saying resetpassword call acts like creating a new token up to a point, but doesn't work properly with invalidated token even though it reports successful operation?