Question

I can connect with a user who has permissions to set passwords. I'm able to change attributes, but I can't set the password.

Found some instructions to set the attribute unicodePwd to \UNC:"*password*", but it says:

Error: Modify: Unwilling To Perform. <53>

Setting LDAP_OPT_ENCRYPT to 1 didn't work either. The port I'm using is 389.


Solution

You should set attribute userpassword.

OTHER TIPS

To set unicodePwd directly using ldp.exe, set LDAP_OPT_ENCRYPT = 1 to bind with an encrypted channel and use this syntax:

\UNI:"pwdhere"

The \UNI: and the quotes are very important as the password must be passed in Unicode and the quotes are used by the system to delimit the password.

You also need Reset Password permission if you want to replace the existing password and Change Password permissions to do a remove and add operation.

From here: http://microsoft.public.windows.server.active-directory.narkive.com/tBRamxYg/reset-password-problem
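The quoting and Unicode requirement from the answer above, worked through for a client other than ldp.exe. This is an added example, not code from the original answers: it builds the quoted UTF-16LE value and renders the reset (replace) and change (delete then add) operations as LDIF. The function names, DN, host name and passwords are constructed placeholders, and the channel check assumes TLS (LDAPS or StartTLS) is the only protection in use.

```python
import base64

def encode_unicode_pwd(password: str) -> bytes:
    # The value is the password wrapped in double quotes, encoded as UTF-16LE.
    return ('"' + password + '"').encode("utf-16-le")

def _attr_line(password: str) -> str:
    # "::" marks a base64-encoded binary value in LDIF.
    value = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "unicodePwd:: " + value

def reset_ldif(dn: str, new_password: str) -> str:
    """Reset: one replace operation (needs the Reset Password permission)."""
    return "\n".join([f"dn: {dn}", "changetype: modify",
                      "replace: unicodePwd", _attr_line(new_password), "-", ""])

def change_ldif(dn: str, old_password: str, new_password: str) -> str:
    """Change: remove the old value and add the new one in one modify request."""
    return "\n".join([f"dn: {dn}", "changetype: modify",
                      "delete: unicodePwd", _attr_line(old_password), "-",
                      "add: unicodePwd", _attr_line(new_password), "-", ""])

def require_encrypted(url: str, start_tls: bool = False) -> None:
    """Simplified pre-flight check (assumption: TLS is the only protection used)."""
    if not (url.lower().startswith("ldaps://") or start_tls):
        raise ValueError(f"refusing to send unicodePwd over unencrypted {url}")

if __name__ == "__main__":
    dn = "CN=Test User,OU=Staff,DC=example,DC=com"      # constructed sample DN
    require_encrypted("ldaps://dc01.example.com:636")   # constructed host name
    print(reset_ldif(dn, "N3w-Placeholder!"))
    print(change_ldif(dn, "Old-Placeholder!", "N3w-Placeholder!"))
```

The DN is written as plain text, so a DN containing non-ASCII characters would need its own base64 (`dn::`) form in LDIF.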

The password change operation on the AD can only be done using an encrypted connection. Use open ssl with port 636 to establish an SSL connection, which will encrypt everything sent to the server once the connection is established. AD prevents sending the password in the clear and hence mandates an encrypted connection. While opening the SSL connection, you must have the certificate installed on your client machine to make the handshake between the server and client complete. And the correct attribute to use is userpassword. However, while using unicodePwd, the correct value should be entered like \UNI:"newpassword"

Licensed under: CC-BY-SA with attribution