RE: How To Set AD Password

Mon, 04 Jan 2010 11:27:32 -0800 

AD won't allow a user password to be set over a non-ssl LDAP connection.
Get a "real" cert from a third party for the DC or go self-signed.

I'll try to attach my entire AD support module to this, not sure if the
list will allow attachments though. If you want it directly, let me
know.

Here's my worker function to set the AD password for a given user DN
(note that adConnect() goes over a secure channel):

#
========================================================================
======
# NAME        : _setADPasswordForUser
# DESCRIPTION : Set the password for a given AD account
# ARGUMENTS   : string(dn), string(password)
# RETURN      : TRUE or FALSE
# NOTES       : None
#
========================================================================
======
sub _setADPasswordForUser {
    my ($dn, $pass) = @_; 
    my $name = "_setADPasswordForUser";
    my ( $package, $filename, $line ) = caller; 
    debug("$name: entering with args @_");
    debug("$name: called from package->$package, filename->$filename,
line->$line");    

    my $retval = 0;
    my $npass;

    my $ad = _adConnect();

    # add quotes and convert to uniCode
    map { $npass .= "$_\000" } split(//, "\"$pass\"");
    debug("$name: unicodePwd => $npass");
                
    my $rtn = $ad->modify($dn, replace => { "unicodePwd" => $npass }); 
        
    if ( $rtn->code ) { 
        logmsg("$name: FAILED to change password for $login");
        logmsg("$name: LDAP error code is: " . $rtn->code);
        logmsg("$name: LDAP error text is: " . $rtn->error);
        $retval = 0;
    } else {
        $retval = 1;
    }   

    if ( _adClose($ad) ) { 
        return($retval);
    } else {
        return($retval);
    }   

}



> -----Original Message-----
> From: Sheahan, John [mailto:john.shea...@priceline.com]
> Sent: Thursday, December 31, 2009 9:37 AM
> To: perl-ldap@perl.org
> Subject: How To Set AD Password
> 
> My script is successfully creating AD and Exchange accounts but I'm
> having trouble setting the password.
> 
> I am setting these attributes:
> 
>                                   'userPassword' => 'password',
>                                   'userAccountControl' => '66048',  #
> activates the account and sets the password to never expire
> 
> 
> For some reason, the password is not being set but my script does not
> throw an error.
> 
> I have two questions:
> 
> 
> 1.       Does anyone know what the default password is for a newly
> created user in AD if none is set?
> 
> 2.       What is the best way to set the password when creating a new
> user?
> 
> 
> Thanks a lot
> 
> John

Attachment: adtools.pm
Description: adtools.pm

Reply via email to