Re: Trying to add a user to AD via LDIFDE but receiving an error stating "Unable to update the password"
- From: "Spin" <Spin@xxxxxxxx>
- Date: Sat, 6 Oct 2007 07:24:11 -0400
Does this look correct to you Joe?
changetype: add
objectClass: user
samaccountname: psmith
sn: PSmith
useraccountcontrol: 512
dn: cn=psmith,cn=users,dc=alpha,dc=local
changetype: modify
replace: unicodePwd
unicodePwd::IgBQAGEAcwBzAHcAbwByAGQAMQAiAA==
-
dn: cn=psmith,cn=users,dc=alpha,dc=local
changetype: modify
add: givenName
givenName: Paul
-
replace: sn
sn: SMith
-
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:OAC1bNvBIHA.5980@xxxxxxxxxxxxxxxxxxxxxxx
It is kind of tricky to do. I think there might be a kbase article on it somewhere.
Basically, you need to set the unicodePwd attribute with the password value, where that is the binary version of the unicode string of the password value surrounded by "" characters. Thus, if you want to set a password of Password1, you would use the string "Password1". That value as an array of bytes is this in hex:
22-00-50-00-61-00-73-00-73-00-77-00-6F-00-72-00-64-00-31-00-22-00
Since binary values are set in LDIF using Base64 format, that would translate to:
IgBQAGEAcwBzAHcAbwByAGQAMQAiAA==
Thus, the LDIF file line might look like:
unicodePwd:: IgBQAGEAcwBzAHcAbwByAGQAMQAiAA==
You can only set unicodePwd over a secure channel, so you need to make sure that you use SSPI auth with LDIFDE and use the -h switch (I think; going from memory here) and your AD server must be 2003. Also, your client must be XP or higher. If your client or server are running Win2K, then this operation can only be done via SSL, so you'll need an SSL/LDAP enabled DC.
So, it isn't exactly straightforward, but it can be made to work. :)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Spin" <Spin@xxxxxxxx> wrote in message news:5mlcamFe58u1U1@xxxxxxxxxxxxxxxxxxxxx
That's it Joe, my domain requires setting a password. What's the syntax for setting the password?
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:eiox3CdBIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
I think it may actually have been that he tried to enable the account (userAccountControl: 512) without first setting a password. If the domain pwd policy requires passwords, then you have to set a password before enabling.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:%23e0nnBaBIHA.4496@xxxxxxxxxxxxxxxxxxxxxxx
Hi
The error sounds self explanatory:
"The value provided for the new password does not meet the length, complexity, or history requirement of the domain"
You need to provide a Password that respects the Password Domain Policy.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Spin" <Spin@xxxxxxxx> wrote in message news:5mgf1lFdddjjU1@xxxxxxxxxxxxxxxxxxxxx
Gurus,
Trying to add a user to AD via LDIFDE but receiving an error stating "Unable to update the password". What am I doing wrong?
"Add error on line 1: Unwilling To Perform
The server side error is "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain."
0 entries modified successfully.
An error has occurred in the program"
And here's the code inside the file I am importing with LDIFDE.
dn: cn=psmith,cn=users,dc=mydom,dc=local
changetype: add
objectClass: user
samaccountname: psmith
sn: PSmith
useraccountcontrol: 512
dn: cn=psmith,cn=users,dc=mydom,dc=local
changetype: modify
add: givenName
givenName: Paul
-
replace: sn
sn: SMith
-
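
The unicodePwd encoding Joe Kaplan describes in this thread (password wrapped in double quotes, UTF-16LE bytes, Base64), shown as an added example that is not part of any post. The function names and the create-disabled, set-password, then-enable record order are assumptions made for illustration; the DN and password are the sample values from the thread.

```python
import base64


def encode_unicode_pwd(password: str) -> str:
    """Base64 of the UTF-16LE bytes of the password wrapped in double quotes."""
    quoted = '"' + password + '"'
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")


def hex_bytes(password: str) -> str:
    """The same bytes in the dash-separated hex form quoted in the thread."""
    return "-".join(f"{b:02X}" for b in ('"' + password + '"').encode("utf-16-le"))


def decode_unicode_pwd(value: str) -> str:
    """Reverse the encoding to check a value taken from an LDIF file.

    Raises ValueError for bad Base64, bytes that are not UTF-16LE,
    or a string that is not wrapped in double quotes.
    """
    text = base64.b64decode(value, validate=True).decode("utf-16-le")
    if len(text) < 2 or not (text.startswith('"') and text.endswith('"')):
        raise ValueError("value is not a double-quoted UTF-16LE string")
    return text[1:-1]


def build_user_ldif(dn: str, sam: str, password: str) -> str:
    """Three LDIF records: create disabled, set the password, then enable."""
    # Assumed ordering, following "set a password before enabling".
    # 514 = NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2).
    records = [
        [f"dn: {dn}", "changetype: add", "objectClass: user",
         f"sAMAccountName: {sam}", "userAccountControl: 514"],
        [f"dn: {dn}", "changetype: modify", "replace: unicodePwd",
         f"unicodePwd:: {encode_unicode_pwd(password)}", "-"],
        [f"dn: {dn}", "changetype: modify", "replace: userAccountControl",
         "userAccountControl: 512", "-"],
    ]
    # LDIF records are separated by a blank line.
    return "\n\n".join("\n".join(r) for r in records) + "\n"


if __name__ == "__main__":
    # Sample values from the thread.
    print(build_user_ldif("cn=psmith,cn=users,dc=alpha,dc=local",
                          "psmith", "Password1"))
```

Base64 is an encoding, not encryption, so a generated LDIF file holds the password in recoverable form and should be protected and deleted like any other credential file.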