There are two possible ways to modify the unicodePwd attribute. In addition, the UNICODE string must begin and end in quotes that are not part of the desired password. This means that any values for this attribute passed in LDAP must be UNICODE strings that are BER-encoded (Basic Encoding Rules) as an octet-string. The syntax of the unicodePwd attribute is octet-string however, the directory service expects that the octet-string will contain a UNICODE string (as the name of the attribute indicates). Both client and server must be capable of 128-bit encryption.
The client must trust the certificate authority (CA) that generated the server certificate.
This article describes how to set or change the password attribute. You can set a Windows Active Directory and LDS user's password through the Lightweight Directory Access Protocol (LDAP) given certain restrictions. This article describes how to change a Windows Active Directory and LDS user password through LDAP.Īpplies to: Windows Active Directory Original KB number: 269190 Summary