Does anyone know of an easy way to delegate permission to modify the unicodePwd attribute?
A third party is trying to assist with LDAP-based password resets, and they are insisting permission to this attribute is needed. I don't even see that attribute in the Security tab for User Objects in Active Directory when I go to check available permissions.
Or is there another minimum list of permissions needed for carrying out password resets in Active Directory via LDAP?
I delegated typical permissions:
• Change Password
• Reset Password
• Read userAccountControl
• Write userAccountControl
• Read lockoutTime
• Write lockoutTime
But they get the following error when trying to carry out a password reset:
error: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
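An added example, not part of the original post: a small Python parser for the Active Directory extended error string quoted above, which splits out the LDAP result code and the embedded hexadecimal Win32 error code so a failed reset can be triaged from client logs. The function name and the short lookup table are assumptions made for this illustration; the table covers only a few Win32 codes and is not exhaustive.

```python
import re

# Win32 system error codes that AD embeds as the 8-digit hex field of its
# extended LDAP error text. Small illustrative subset, not a complete list.
WIN32_ERRORS = {
    0x5: ("ERROR_ACCESS_DENIED", "access is denied"),
    0x56: ("ERROR_INVALID_PASSWORD", "the specified password is not correct"),
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "new password does not meet length, complexity or history requirements"),
}

# Shape of the message as it appears in the post:
# LDAP: error code <n> - <hex8>: <kind>: DSID-<hex>, problem <n> (<NAME>), data <x>
AD_ERROR_RE = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\), data (?P<data>-?\w+)"
)


def decode_ad_ldap_error(message):
    """Return the parsed fields of an AD LDAP error string, or None if no match."""
    m = AD_ERROR_RE.search(message)
    if m is None:
        return None
    code = int(m.group("win32"), 16)
    name, meaning = WIN32_ERRORS.get(code, ("UNKNOWN", "code not in this table"))
    return {
        "ldap_result": int(m.group("ldap")),   # 53 = unwillingToPerform
        "win32_code": code,
        "win32_name": name,
        "win32_meaning": meaning,
        "dsid": m.group("dsid"),
        "problem": int(m.group("problem")),
        "problem_name": m.group("problem_name"),
    }


if __name__ == "__main__":
    # Error line copied from the post above.
    line = ("error: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, "
            "problem 5003 (WILL_NOT_PERFORM), data 0")
    for key, value in decode_ad_ldap_error(line).items():
        print(f"{key}: {value}")
```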