Re: Change AD user password via LDAP - requires SSL Connection?



I think joe means ADMOD and not ADFIND ;-)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eWgAOBA6GHA.3732@xxxxxxxxxxxxxxxxxxxxxxx
You need a minimum level of LDAP encryption; this can be satisfied with
128-bit SSL as well as Kerberos session encryption on 2K, and on K3 and
better you can use NTLM session encryption.

For instance, my adfind can set a user password with LDAP as long as you
specify the -kerbenc switch which actually enables LDAP_OPT_ENCRYPT (see
the Session Options documentation on MSDN).

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


ohaya wrote:
Paul,

Thanks for the confirmation. When I was searching, I *thought* that I
had seen a post somewhere (I can't find it anymore :() that said that
this was something that had changed in Win2K3 (vs. Win2K).

In my testing here, I only have a Win2K AD, while our "production"
environment has a Win2K3 AD, so wanted to check. I guess I probably
really should stand up a Win2K3 AD for future testing :)...

Jim


Paul Bergson wrote:
Yes, you have to establish a secure connection with AD (Port 636).
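
The two options discussed in this thread (SSL on port 636, or session encryption on port 389), as an added example that is not code from any of the posters or from joeware. It uses the .NET System.DirectoryServices.Protocols classes, where SessionOptions.Sealing is the managed equivalent of LDAP_OPT_ENCRYPT; the server name and user DN are placeholders.

```powershell
# Added example: administrative password reset over an encrypted LDAP session.
# The server name and user DN below are placeholders, not values from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ns = 'System.DirectoryServices.Protocols'

$server = 'dc01.example.test'                          # placeholder DC
$userDn = 'CN=Test User,OU=Staff,DC=example,DC=test'   # placeholder DN
$useSsl = $false  # $true: LDAPS on 636; $false: port 389 with Kerberos/NTLM sealing

$port = if ($useSsl) { 636 } else { 389 }
$id   = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $server, $port
$conn = New-Object "$ns.LdapConnection" -ArgumentList $id
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.ProtocolVersion = 3

if ($useSsl) {
    $conn.SessionOptions.SecureSocketLayer = $true     # TLS covers the whole session
} else {
    # Must be set before Bind(). Sealing corresponds to LDAP_OPT_ENCRYPT.
    $conn.SessionOptions.Signing = $true
    $conn.SessionOptions.Sealing = $true
}

try {
    $conn.Bind()                                       # current Windows credentials

    # unicodePwd expects the password wrapped in double quotes, encoded as UTF-16LE.
    $secure = Read-Host -Prompt 'New password' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    [byte[]]$pwdBytes = [System.Text.Encoding]::Unicode.GetBytes('"' + $plain + '"')

    # Replace = reset by an administrator (needs the Reset Password right on the user).
    $mod = New-Object "$ns.DirectoryAttributeModification"
    $mod.Name      = 'unicodePwd'
    $mod.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
    [void]$mod.Add($pwdBytes)

    $req = New-Object "$ns.ModifyRequest"
    $req.DistinguishedName = $userDn
    [void]$req.Modifications.Add($mod)

    $resp = $conn.SendRequest($req)
    "Result: $($resp.ResultCode)"
}
catch {
    # With neither SSL nor Sealing, the DC refuses the write (typically unwillingToPerform).
    "Failed: $($_.Exception.GetBaseException().Message)"
}
finally {
    $conn.Dispose()
}
```

Setting both `$useSsl = $false` and `Sealing = $false` in a lab reproduces the refusal the original question was about.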


