From: Jim Mintha (j.t.minthaUVA.NL)
Date: Thu May 01 2003 - 08:52:29 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 30, 2003 at 10:26:06PM -0700, Gabriel Kuri wrote:
> Windows 2000 Server has the ability to change user's passwords
> in Active Directory via the LDAP interface. However, we've found this
> functionality was broken in a patch Microsoft released
> that is associated with security bulletin MS01-036,
> and then later superseded by MS02-016.

It seems to still work for us. We use perl with the perl-ldap
libraries. Basically we do:

- Bind to AD with an administrator account using SSL (ldap v3)
- do a lookup on the user
- encode the new password using unicode
- do an replace on the unicodePwd field

Just checked it and it still work on a machine that has all current
patches (SP3 +)

Let me know if you would like to see the code. Apologies if I missed
something - I'm just a Unix guy :)

Jim

--
Jim Mintha Email: j.t.minthauva.nl
System Administrator Work: +31 20 525-4919
Informatiseringscentrum Home: +31 20 662-3892
University of Amsterdam Debian GNU/Linux: jminthadebian.org
_There are always Possibilities_ http://www.mintha.com

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by IP3 Inc.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
SECURITY QUESTIONS? We've got answers...Apply for a scholarship and become
TICSA certified.

Do not miss your opportunity to discover solutions to what our participants
have identified as their top 5 IT Security Challenges. You will return to
work better prepared to put into place an effective security strategy
utilizing the latest security tools, bookmarks and URL's.

<http://www.ip3seminars.com>

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]