RE: [ActiveDir] userAccountControl 544

joe Tue, 17 Oct 2006 05:44:00 -0700

The password attribute is unicodePwd.

If you want to see it in action, here is a command that will create 100
enabled userids in a domain. Do a network trace and you will verify that
there is but a single LDAP call for each and every ID.


admod -sc adau:100;SomePassword1!;cn=mytestuser,ou=testou,dc=domain,dc=com

That is a "shortcut" switch which submits the following "real" switches to
admod...

Selected Switches
    -add
    -autobase 100:ou=testou,dc=test,dc=loc
    -bmod {{*RDN*}}_{{*cnt*}},{{*parent*}}
    -csv
    -expand
    -exterr
    -kerbenc

Selected Attributes
    unicodepwd::SomePassword1!
    objectclass::user
    useraccountcontrol::512
    pwdlastset::-1
    samaccountname::{{*name*}}_{{*cnt*}}
 


--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-----Original Message-----
From: Michael B Allen [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 17, 2006 2:15 AM
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] userAccountControl 544

On Tue, 17 Oct 2006 00:42:59 -0400
"joe" <[EMAIL PROTECTED]> wrote:

> With the raw LDAP API (and I would expect S.DS.Protocols), you can create
an
> enabled user because you can specify the password in the ADD op.

You can? How? What's the name of the attribute?

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] userAccountControl 544

Reply via email to