Attribute permission - unicodePwd?

garryshape
Does anyone know of an easy way to delegate permission to modify the unicodePwd attribute?

A third party is trying to assist with LDAP-based password resets, and they are insisting permission to this attribute is needed. I don't even see that attribute in the Security tab for User Objects in Active Directory when I go to check available permissions.

Or is there another minimum list of permissions needed for carrying out password resets in Active Directory via LDAP?

I delegated typical permissions:

• Change Password
• Reset Password
• Read userAccountControl
• Write userAccountControl
• Read lockoutTime
• Write lockoutTime

But they get the following error when trying to carry out a password reset:

error: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
Technical Systems Analyst
Commented:
I've had this happen before when a third-party wasn't adhering to the password policy that was being enforced via policy.

Author

Commented:
They ended up not needing this permission.
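
The Win32 code embedded in the error quoted in the question (0000052D) can be decoded to tell a password-policy rejection apart from a permission failure. The following is an added example, not part of the original thread; the function names and the small code table are this example's own, with values taken from winerror.h.

```python
import re

# Win32 error codes that AD embeds in LDAP diagnostic messages (values from winerror.h).
WIN32_ERRORS = {
    0x05: ("ERROR_ACCESS_DENIED", "permissions"),
    0x56: ("ERROR_INVALID_PASSWORD", "credentials"),
    0x52D: ("ERROR_PASSWORD_RESTRICTION", "password policy"),
}

# Shape of the message as it appears in the question; the "error code N - "
# prefix added by the client library is optional.
_AD_DIAG = re.compile(
    r"(?:error code (?P<ldap>\d+) - )?"
    r"(?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\)"
)

def parse_ad_ldap_error(message):
    """Split an AD LDAP diagnostic string into its fields; None if it does not match."""
    m = _AD_DIAG.search(message)
    if m is None:
        return None
    code = int(m.group("win32"), 16)
    name, category = WIN32_ERRORS.get(code, ("UNKNOWN", "unknown"))
    return {
        "ldap_result": int(m.group("ldap")) if m.group("ldap") else None,
        "win32_code": code,
        "win32_name": name,
        "category": category,
        "dsid": m.group("dsid"),
        "problem": int(m.group("problem")),
        "problem_name": m.group("problem_name"),
    }

def is_permission_problem(message):
    """True only when the embedded Win32 code is access-denied."""
    parsed = parse_ad_ldap_error(message)
    return parsed is not None and parsed["category"] == "permissions"

if __name__ == "__main__":
    # The error text quoted in the question above.
    quoted = ("[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, "
              "problem 5003 (WILL_NOT_PERFORM), data 0")
    print(parse_ad_ldap_error(quoted))
    print("permission problem:", is_permission_problem(quoted))
```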
