Garry Shape

Attribute permission - unicodePwd?

Does anyone know of an easy way to delegate permission to modify the unicodePwd attribute?

A third party is trying to assist with LDAP-based password resets, and they are insisting permission to this attribute is needed. I don't even see that attribute in the Security tab for User Objects in Active Directory when I go to check available permissions.

Or is there another minimum list of permissions needed for carrying out password resets in Active Directory via LDAP?

I delegated typical permissions:

• Change Password
• Reset Password
• Read userAccountControl
• Write userAccountControl
• Read lockoutTime
• Write lockoutTime

But they get the following error when trying to carry out a password reset:

error: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
Active Directory, Windows Server 2008, Windows Server 2012
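
An added example, not part of the original post: a small parser that splits the Active Directory LDAP diagnostic string quoted above into its fields and looks up the hex field as a Win32 error code, which separates an access-rights failure from a password-policy rejection. It also shows the wire encoding that `unicodePwd` expects. The function names are hypothetical; the Win32 names come from the Windows SDK header `winerror.h`, and the table covers only three codes.

```python
import re

# Win32 error codes (the hex field of the AD diagnostic message) that are
# relevant to password operations. Names are from winerror.h.
WIN32 = {
    0x05: ("ERROR_ACCESS_DENIED", "access is denied"),
    0x56: ("ERROR_INVALID_PASSWORD", "the specified password is not correct"),
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "new password fails length, complexity or history policy"),
}
LDAP_RESULT = {50: "insufficientAccessRights", 53: "unwillingToPerform"}

DIAG = re.compile(
    r"error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem (?P<problem>\d+) \((?P<pname>\w+)\)")

def parse_ad_diag(message):
    """Split an AD LDAP diagnostic string into its fields, or return None."""
    m = DIAG.search(message)
    if m is None:
        return None
    code = int(m["win32"], 16)
    name, meaning = WIN32.get(code, ("UNKNOWN", "not in this table"))
    return {
        "ldap_code": int(m["ldap"]),
        "ldap_name": LDAP_RESULT.get(int(m["ldap"]), "other"),
        "win32_code": code, "win32_name": name, "meaning": meaning,
        "dsid": m["dsid"], "problem": m["pname"],
    }

def is_permission_failure(diag):
    """True only when the server reported an access-rights failure."""
    return diag["ldap_code"] == 50 or diag["win32_code"] == 0x05

def encode_unicode_pwd(password):
    """unicodePwd wire value: the password in double quotes, UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

if __name__ == "__main__":
    # Error string as posted in the question above.
    posted = ("error: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, "
              "problem 5003 (WILL_NOT_PERFORM), data 0")
    d = parse_ad_diag(posted)
    print(d["ldap_name"], hex(d["win32_code"]), d["win32_name"], "-", d["meaning"])
    print("permission failure:", is_permission_failure(d))
    # Constructed sample password, shown only to illustrate the encoding.
    print(encode_unicode_pwd("Constructed-Pw1").hex())
```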

Last Comment
Garry Shape

8/22/2022 - Mon