We recently updated our Active Directory servers to 2008 R2. I had a perl script that would change a users password in OpenLDAP and Active Directory at the same time. This was working fine until the update. I can still change a user's password when I bind as an AD administrator, but not as a normal user. Has anyone else here gone through this?
I know the that behavior or replacing a password is different whether you are an administrator or regular user changing your own password, as documented here: http://support.microsoft.com/?kbid=269190 I wrote this code based on the above link: # AD doesn't allow non-admin users to replace their password. # Instead, it must be deleted and re-added. Administrators can only # replace a password. if ($username ne getlogin()) { $mesg = $ad->modify($ad_user_dn, replace=>{unicodePwd => $newUnicodePwd} ); } else { $mesg = $ad->modify($ad_user_dn, delete=>{unicodePwd => $newUnicodePwd}); $code = $mesg->code; if ($code != 0) { $mesg = $ad->modify($ad_user_dn, replace=>{unicodePwd => $newUnicodePwd} ); } } This worked for just fine until the upgrade to 2008 R2. Any ideas? -- Prentice
