Re: Creating accts through LDAP

From: GMartin (gmartin_at_gmartin.org)
Date: 01/12/05

• Next message: GMartin: "Re: Domain password expiration reset"
• Previous message: GMartin: "Re: AD attribute permissions"
• In reply to: Joe Richards [MVP]: "Re: Creating accts through LDAP"
• Next in thread: Joe Richards [MVP]: "Re: Creating accts through LDAP"
• Reply: Joe Richards [MVP]: "Re: Creating accts through LDAP"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 12 Jan 2005 12:28:11 -0500
To: "Joe Richards [MVP]" <humorexpress@hotmail.com>

Thanks for the help, gentlemen. I'm continualy amazed by the quality of
folks who hang out here!

\\Greg

Joe Richards [MVP] wrote:
> This is handled in the backend by setting useraccountcontrol &
> ADS_UF_PASSWD_NOTREQD when the account is created so it can exist
> without a password.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Joe Kaplan (MVP - ADSI) wrote:
>
>> Create account, then add password, then enable it via
>> userAccountControl. The documentation is misleading in that the
>> account can't be enabled without a password with domain password
>> policy, but can actually exist.
>>
>> Joe K.
>>
>> "GMartin" <gmartin@gmartin.org> wrote in message
>> news:%23MKncID%23EHA.1408@TK2MSFTNGP10.phx.gbl...
>>
>>> Referencing How To Change a Windows 2000 User's Password Through LDAP
>>> http://support.microsoft.com/?kbid=269190
>>>
>>> "...The attribute(unicodepwd)can only be modified; it cannot be added
>>> on object creation..."
>>>
>>> So, given that our domain (ou) policy requires passwords, how does
>>> one create an account without it? Do we create the account in an OU
>>> with no such policy, add the password and then move the acct to the
>>> resting place?
>>>
>>> (scratching my head)
>>>
>>> \\Greg
>>
>>
>>
>>

---

• Next message: GMartin: "Re: Domain password expiration reset"
• Previous message: GMartin: "Re: AD attribute permissions"
• In reply to: Joe Richards [MVP]: "Re: Creating accts through LDAP"
• Next in thread: Joe Richards [MVP]: "Re: Creating accts through LDAP"
• Reply: Joe Richards [MVP]: "Re: Creating accts through LDAP"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Creating accts through LDAP ... This is handled in the backend by setting useraccountcontrol & ... Joe Richards Microsoft MVP Windows Server Directory Services ... > Create account, then add password, then enable it via userAccountControl. ... > a password with domain password policy, ... (microsoft.public.windows.server.active_directory) Re: Unlock acct permissions ... Joe is one of the best in the world. ... How do I get DSACLS to run on a specific account? ... The permissions in the security do not seem>>> to ... The correct permissions are on the security group, ... (microsoft.public.win2000.active_directory) Re: Unlock acct permissions ... It may actually be the best of the bunch but it is very old now so it is mostly about those GOOD FUNDAMENTALS that one needs and which Joe referenced. ... >>>Overall you appear to be a very "green" admin and you should buy one or more>>>books and learn this stuff before you do too much more. ... >>>Joe Richards Microsoft MVP Windows Server Directory Services ... How do I get DSACLS to run on a specific account? ... (microsoft.public.win2000.active_directory) Re: Service running as Local system account Unable to map drive on ... Hi Joe and Phillip ... account has full permissions on both the share and the file system itself. ... Security Eventlog: ... (microsoft.public.security) Re: Password Expired Query ... issue their own LDAP query to do this. ... If you just want to get this done, Joe R's tool is very easy. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The problem is there isn't a flag saying the account is expired, ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)