Export (0) Print
Expand All
0 out of 2 rated this helpful - Rate this topic

DS behavior

Updated: April 17, 2012

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2008

Manages password operations over unsecured connections. You can allow or deny password operations over unsecured connections and list the current setting.

As a best security practice, you should not disable strong encryption in a production environment. Strong encryption ensures that passwords are transmitted only across secure channels. For test environments only, you can disable strong encryption.

This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (http://go.microsoft.com/fwlink/?LinkID=177813).

To use either of these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

connections
[{allow passwd op on unsecured connection | deny passwd op on unsecured connection | list current ds-behavior}] 

 

Parameter Description

allow passwd op on unsecured connection

Modifies AD DS or AD LDS behavior to allow password operations over an unsecured connection.

connections

Invokes the server connections submenu.

deny passwd op on unsecured connection

Modifies AD DS or AD LDS behavior to deny password operations over an unsecured connection.

list current ds-behavior

Lists current behavior for the AD DS or AD LDS instance.

quit

Takes you back to the previous menu, or exits the utility.

?

Displays Help at the command prompt.

Help

Displays Help at the command prompt.

  • Before you can run the DS behavior subcommand, you need to connect to a specific AD Ds or AD LDS instance by using the connections parameter.

  • By default, password operations over unsecured connections are denied. You should change the default setting only after performing an appropriate risk analysis.

  • Ntdsutil does not correctly handle special characters, such as the apostrophe character ('), that you can enter at the ntdsutil: prompt at the command line. In some situations, there may be an alternative workaround. For more information, see local roles (http://go.microsoft.com/fwlink/?LinkId=157320).

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.