Setting password in Active Directory


Adam C

Jun 26, 2017, 2:44:10 PM
to ldaptive
Does anyone have an example of how to set a password in AD using ldaptive? Apparently AD does not support password modify extended operation, and I haven't found any other ldaptive examples on how to set a password.

Thanks!

-Adam

Daniel Fisher

Jun 26, 2017, 3:52:35 PM
to ldap...@googlegroups.com
I don't think most AD shops use the LDAP protocol to set passwords, so YMMV on how appropriate this is in your environment.
I've had success with this bit of code:

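    // <entry-DN> and <entry-Password> are placeholders for real values.
    final ModifyOperation modify = new ModifyOperation(conn);
    modify.execute(new ModifyRequest(
        <entry-DN>,
        // Replace the password outright (no old password supplied).
        new AttributeModification(
            AttributeModificationType.REPLACE,
            new UnicodePwdAttribute(<entry-Password>)),
        // userAccountControl 512 = NORMAL_ACCOUNT (enabled account).
        new AttributeModification(
            AttributeModificationType.REPLACE,
            new LdapAttribute("userAccountControl", "512"))));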

--Daniel Fisher


Adam C

Sep 6, 2017, 11:49:01 AM
to ldaptive
We are successfully changing users' passwords in AD using code similar to that below; however, this is using the administrator account to set the password. The negative side effect is that the password policy for the group that we are using is not being followed when the password is set. For example, our password policy has a password history of ten, but this is not being enforced on the admin account.

Is there a way to set the password using the ModifyOperation and UnicodePwdAttribute while logged in as the user so that the group policies will be in effect?

Thanks!

Daniel Fisher

Sep 6, 2017, 2:12:56 PM
to ldap...@googlegroups.com

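    // <entry-DN>, <old-password> and <new-password> are placeholders for real values.
    final ModifyOperation modify = new ModifyOperation(conn);
    modify.execute(new ModifyRequest(
        <entry-DN>,
        // Remove the old password value ...
        new AttributeModification(
            AttributeModificationType.REMOVE,
            new UnicodePwdAttribute(<old-password>)),
        // ... and add the new one in the same request.
        new AttributeModification(
            AttributeModificationType.ADD,
            new UnicodePwdAttribute(<new-password>))));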

Make sure you perform a bind operation on the connection as the user.
Let me know if that works; I'm not certain your policy will be enforced with either method.

--Daniel Fisher

Adam C

Sep 6, 2017, 3:24:18 PM
to ldaptive
That does work, thanks.

Initially I tried your method with two separate operations, but received an Insufficient privileges error. Once I combined the DELETE and ADD into a single ModifyRequest it worked.
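
The user-bound change discussed in this thread, as an added example that is not part of the original posts or of ldaptive: it uses the JDK's JNDI classes instead of ldaptive to show the quoted UTF-16LE value AD expects in unicodePwd, and builds the remove-plus-add pair as one request next to the single-replace reset. The class name, the sample passwords, and the `ctx` and `userDn` names in the final comment are assumptions.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordChange {

  // AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
  static byte[] encodeUnicodePwd(String password) {
    return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
  }

  // Change as the user: remove the old value and add the new one. Both items are
  // returned in ONE array so they are sent in a single modify request.
  static ModificationItem[] changeAsUser(String oldPassword, String newPassword) {
    return new ModificationItem[] {
      new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
          new BasicAttribute("unicodePwd", encodeUnicodePwd(oldPassword))),
      new ModificationItem(DirContext.ADD_ATTRIBUTE,
          new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
    };
  }

  // Reset as an administrator: a single replace; the old password is not supplied.
  static ModificationItem[] resetAsAdmin(String newPassword) {
    return new ModificationItem[] {
      new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
          new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
    };
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values, not real credentials.
    ModificationItem[] mods = changeAsUser("Old-Passw0rd!", "New-Passw0rd!");
    for (ModificationItem m : mods) {
      byte[] value = (byte[]) m.getAttribute().get();
      String op = m.getModificationOp() == DirContext.REMOVE_ATTRIBUTE ? "remove" : "add";
      System.out.println(op + " unicodePwd (" + value.length + " bytes, UTF-16LE)");
    }
    System.out.println("reset items: " + resetAsAdmin("New-Passw0rd!").length);
    // To apply: ctx.modifyAttributes(userDn, mods), where ctx is a DirContext bound
    // as the user over LDAPS (ctx and userDn are assumed, not defined here).
  }
}
```

AD accepts writes to unicodePwd only over an encrypted connection such as LDAPS or StartTLS, so the bind and the modify both need to run on a protected channel.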