| Author |
Message |
GMartin
Guest
|
 Posted:
Wed Jan 12, 2005 5:05 am Post subject:
Creating accts through LDAP |
|
|
Referencing How To Change a Windows 2000 User's Password Through LDAP
http://support.microsoft.com/?kbid=269190
"...The attribute(unicodepwd)can only be modified; it cannot be added on
object creation..."
So, given that our domain (ou) policy requires passwords, how does one
create an account without it? Do we create the account in an OU with no
such policy, add the password and then move the acct to the resting place?
(scratching my head)
\\Greg |
|
| Back to top |
|
 |
Joe Kaplan (MVP - ADSI)
Guest
|
| Posted:
Wed Jan 12, 2005 5:15 am Post subject:
Re: Creating accts through LDAP |
|
|
Create account, then add password, then enable it via userAccountControl.
The documentation is misleading in that the account can't be enabled without
a password with domain password policy, but can actually exist.
Joe K.
"GMartin" <gmartin@gmartin.org> wrote in message
news:%23MKncID%23EHA.1408@TK2MSFTNGP10.phx.gbl...
| Quote: | Referencing How To Change a Windows 2000 User's Password Through LDAP
http://support.microsoft.com/?kbid=269190
"...The attribute(unicodepwd)can only be modified; it cannot be added on
object creation..."
So, given that our domain (ou) policy requires passwords, how does one
create an account without it? Do we create the account in an OU with no
such policy, add the password and then move the acct to the resting place?
(scratching my head)
\\Greg |
|
|
| Back to top |
|
|
Joe Richards [MVP]
Guest
|
| Posted:
Wed Jan 12, 2005 9:07 am Post subject:
Re: Creating accts through LDAP |
|
|
This is handled in the backend by setting useraccountcontrol &
ADS_UF_PASSWD_NOTREQD when the account is created so it can exist without a
password.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Joe Kaplan (MVP - ADSI) wrote:
| Quote: | Create account, then add password, then enable it via userAccountControl.
The documentation is misleading in that the account can't be enabled without
a password with domain password policy, but can actually exist.
Joe K.
"GMartin" <gmartin@gmartin.org> wrote in message
news:%23MKncID%23EHA.1408@TK2MSFTNGP10.phx.gbl...
Referencing How To Change a Windows 2000 User's Password Through LDAP
http://support.microsoft.com/?kbid=269190
"...The attribute(unicodepwd)can only be modified; it cannot be added on
object creation..."
So, given that our domain (ou) policy requires passwords, how does one
create an account without it? Do we create the account in an OU with no
such policy, add the password and then move the acct to the resting place?
(scratching my head)
\\Greg
|
|
|
| Back to top |
|
|
GMartin
Guest
|
| Posted:
Wed Jan 12, 2005 11:28 pm Post subject:
Re: Creating accts through LDAP |
|
|
Thanks for the help, gentlemen. I'm continualy amazed by the quality of
folks who hang out here!
\\Greg
Joe Richards [MVP] wrote:
| Quote: | This is handled in the backend by setting useraccountcontrol &
ADS_UF_PASSWD_NOTREQD when the account is created so it can exist
without a password.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Joe Kaplan (MVP - ADSI) wrote:
Create account, then add password, then enable it via
userAccountControl. The documentation is misleading in that the
account can't be enabled without a password with domain password
policy, but can actually exist.
Joe K.
"GMartin" <gmartin@gmartin.org> wrote in message
news:%23MKncID%23EHA.1408@TK2MSFTNGP10.phx.gbl...
Referencing How To Change a Windows 2000 User's Password Through LDAP
http://support.microsoft.com/?kbid=269190
"...The attribute(unicodepwd)can only be modified; it cannot be added
on object creation..."
So, given that our domain (ou) policy requires passwords, how does
one create an account without it? Do we create the account in an OU
with no such policy, add the password and then move the acct to the
resting place?
(scratching my head)
\\Greg
|
|
|
| Back to top |
|
|
Joe Richards [MVP]
Guest
|
| Posted:
Wed Jan 12, 2005 11:44 pm Post subject:
Re: Creating accts through LDAP |
|
|
Yep, JoeK is a keeper. :o)
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
GMartin wrote:
| Quote: | Thanks for the help, gentlemen. I'm continualy amazed by the quality of
folks who hang out here!
\\Greg
Joe Richards [MVP] wrote:
This is handled in the backend by setting useraccountcontrol &
ADS_UF_PASSWD_NOTREQD when the account is created so it can exist
without a password.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Joe Kaplan (MVP - ADSI) wrote:
Create account, then add password, then enable it via
userAccountControl. The documentation is misleading in that the
account can't be enabled without a password with domain password
policy, but can actually exist.
Joe K.
"GMartin" <gmartin@gmartin.org> wrote in message
news:%23MKncID%23EHA.1408@TK2MSFTNGP10.phx.gbl...
Referencing How To Change a Windows 2000 User's Password Through LDAP
http://support.microsoft.com/?kbid=269190
"...The attribute(unicodepwd)can only be modified; it cannot be
added on object creation..."
So, given that our domain (ou) policy requires passwords, how does
one create an account without it? Do we create the account in an OU
with no such policy, add the password and then move the acct to the
resting place?
(scratching my head)
\\Greg
|
|
|
| Back to top |
|
|
Joe Kaplan (MVP - ADSI)
Guest
|
| Posted:
Wed Jan 12, 2005 11:55 pm Post subject:
Re: Creating accts through LDAP |
|
|
Coming from the likes of Joe Richards, that is quite flattering. :)
Joe K.
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OwtMU5M%23EHA.2700@TK2MSFTNGP14.phx.gbl...
| Quote: | Yep, JoeK is a keeper. :o)
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
GMartin wrote:
Thanks for the help, gentlemen. I'm continualy amazed by the quality of
folks who hang out here!
\\Greg
|
|
|
| Back to top |
|
|
Joe Richards [MVP]
Guest
|
| Posted:
Thu Jan 13, 2005 12:05 am Post subject:
Re: Creating accts through LDAP |
|
|
LOL. It is simply joe.
It is more fun that way when I go to conferences, I like laughing when I hear,
"Oh, you are THAT joe".
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Joe Kaplan (MVP - ADSI) wrote:
| Quote: | Coming from the likes of Joe Richards, that is quite flattering. :)
Joe K.
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OwtMU5M%23EHA.2700@TK2MSFTNGP14.phx.gbl...
Yep, JoeK is a keeper. :o)
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
GMartin wrote:
Thanks for the help, gentlemen. I'm continualy amazed by the quality of
folks who hang out here!
\\Greg
|
|
|
| Back to top |
|
|
Marc Scheuner [MVP ADSI]
Guest
|
|
| Back to top |
|
|
Joe Richards [MVP]
Guest
|
| Posted:
Thu Jan 13, 2005 11:18 pm Post subject:
Re: Creating accts through LDAP |
|
|
Maybe... though I have no problem knowing which one I am. :o)
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Marc Scheuner [MVP ADSI] wrote:
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in