Set or modify the password of an ADAM user

Applies To: Windows Server 2003 R2

Set or modify the password of an ADAM user

  • Using ADAM ADSI Edit

  • Using Ldp over an encrypted, non-SSL connection

  • Using Ldp over an SSL connection

Using ADAM ADSI Edit

To set or modify the password of an ADAM user

  1. Open ADAM ADSI Edit.

  2. Connect and bind to the directory partition containing the ADAM user for whom you want to set or modify the password.

    To complete this task, you can bind to the directory partition as an ADAM user or as a Windows Security principal.

    To bind to the directory partition as an ADAM user, complete the following:

    • Click Start, point to Administrative Tools, and then click ADSI Edit.

    • On the Action menu, click Connect to. The Connection Settings dialog box appears.

    • In Select or type a domain or server: (Server | Domain[:port]), type the Domain Name System (DNS) name, NetBIOS name, or IP address of the computer on which the ADAM instance is running, followed by a colon (:) and the LDAP communication port that the ADAM instance to which you want to connect is using. For example, if ADAM is running on the local computer, you can type localhost:389.

    • Under Connection point, click Select or type a Distinguished Name or Naming Context, and then type the name of your directory partition.

    • Click Advanced, and then click Specify Credentials.

    • Under Connect using these credentials, type the DN (distinguished name) and the password of your ADAM user, make sure that the Simple bind authentication check box is selected, and then click OK.

      Note

      Make sure that your ADAM user is enabled, by setting its msDS-UserAccountDisabled attribute to FALSE.

    To bind to the directory partition as a Windows security principal, complete the following:

    • Click Start, point to Administrative Tools, and then click ADSI Edit.

    • On the Action menu, click Connect to. The Connection Settings dialog box appears.

    • In Select or type a domain or server: (Server | Domain[:port]), type the Domain Name System (DNS) name, NetBIOS name, or IP address of the computer on which the ADAM instance is running, followed by a colon (:) and the LDAP communication port that the ADAM instance to which you want to connect is using. For example, if ADAM is running on the local computer, you can type localhost:389.

    • Under Connection point, click Select or type a Distinguished Name or Naming Context, and then type the name of your directory partition.

    • Click Advanced, and then click Specify Credentials.

    • Under Connect using these credentials, type the domain, user name, and password of your Windows principal, and then click OK.

  3. Browse to the directory object representing the ADAM user, and then right-click the directory object.

  4. Click Reset password, and then type a password for the user in New password and in Confirm password.

Notes

  • To open the ADAM ADSI Edit snap-in, click Start, point to All Programs, point to ADAM, and then click ADAM ADSI Edit.

  • For information about how to connect and bind to an ADAM instance using ADAM ADSI Edit, see Related Topics.

Using Ldp over an encrypted, non-SSL connection

To set or modify the password of an ADAM user

  1. Open Ldp.

  2. On the Options menu, click Connection Options.

  3. In Option Name, click LDAP_OPT_ENCRYPT.

  4. In Value, type 1, click Set, and then click Close.

  5. Connect and bind to the ADAM instance as a Windows security principal, and then view the directory partition containing the ADAM user for whom you want to set a password.

    To connect and bind to the ADAM instance as a Windows security principal, complete the following:

    • On the Connection menu, click Connect. In Server, type the DNS name, NetBIOS name, or IP address of the computer on which the ADAM instance is running, and in Port, type the LDAP communication port that the ADAM instance to which you want to connect is using.

    • On the Connection menu, click Bind.

    • Under Bind type, select Bind with credentials. Type the name of your Windows security principal in the User field, along with the password of this account in the Password field, and the domain name that this account belongs to in the Domain field, and then click OK.

  6. Right-click the ADAM user, and then click Modify.

  7. In Attribute, type userpassword, and then in Value, type a password for the account.

  8. Click Enter, and then click Run. The details pane displays a message similar to the following:

    ***Call Modify...
    ldap_modify_s(ld, 'CN=Mary Baker,O=Microsoft,C=US',[1] attrs);
    Modified "CN=Mary Baker,O=Microsoft,C=US".
    

Notes

  • To open Ldp, click Start, point to All Programs, point to ADAM, click ADAM Tools Command Prompt, and then type ldp at the command prompt.

  • You can also use ADAM ADSI Edit to set or modify passwords: right-click the directory object representing the ADAM security principal in ADAM ADSI Edit, and then click Reset Password.

  • For information about how to connect and bind to an ADAM instance using Ldp, see Related Topics.

  • By default, an ADAM instance running on Windows Server 2003 automatically enforces any local or domain password policies. If you set a password for an ADAM user that does not meet the requirements of the password policy in effect, the user account will be disabled.

  • The ADAM user for whom you set or modify the password must use the new password the next time that the user logs on.

  • This procedure applies to any object class that is used as a security principal in ADAM. Any object class in ADAM can be used as a security principal, as long as the object class definition contains the msDS-BindableObject auxiliary class and the unicodePwd attribute. For more information, see Related Topics.

  • The user, person, inetOrgPerson, and OrganizationalPerson object classes are not available by default in the ADAM schema. You must first import them. For more information, see Related Topics.

Using Ldp over an SSL connection

To set or modify the password of an ADAM user

  1. Install a server certificate on the computer where the ADAM instance is running, and install a matching client certificate on the computer from which you administer the ADAM instance.

  2. Open Ldp.

  3. Connect and bind to the ADAM instance (selecting SSL in the Connect dialog box) containing the user for whom you want to set or modify a password. For more information, see Appendix A: Configuring LDAP over SSL Requirements for AD LDS (https://go.microsoft.com/fwlink/?LinkId=160191).

    To complete this procedure, connect and bind to the ADAM instance as an ADAM user by completing the following:

    • On the Connection menu, click Connect. In Server, type the DNS name, NetBIOS name, or IP address of the computer on which the ADAM instance is running, and in Port, type the SSL communication port that the ADAM instance to which you want to connect is using.

    • On the Connection menu, click Bind.

    • Under Bind type, select Simple Bind, type the DN of your ADAM user in the User field, along with the password that you just assigned to this account in the Password field, and then click OK.

  4. Right-click the ADAM user, and then click Modify.

  5. In Attribute, type userpassword, and then in Value, type a password for the account.

  6. Click Enter, and then click Run. The details pane displays a message similar to the following:

    ***Call Modify...
    ldap_modify_s(ld, 'CN=Mary Baker,OU=Beta users,O=Microsoft,C=US',[1] attrs);
    Modified "CN=Mary Baker,OU=Beta users,O=Microsoft,C=US".
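
The two Ldp procedures above (LDAP_OPT_ENCRYPT set to 1, or an SSL connection) can also be scripted. The following is an added example, not part of the original Microsoft topic: Set-AdamUserPassword is a hypothetical helper built on the .NET System.DirectoryServices.Protocols classes, where SessionOptions.Sealing corresponds to LDAP_OPT_ENCRYPT. It assumes you bind as the currently logged-on Windows security principal in both modes, and the server name, port, and DN are supplied by the caller.

```powershell
# Added example: hypothetical helper, not a Microsoft-supplied cmdlet.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Set-AdamUserPassword {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][int]$Port,          # LDAP port, or the SSL port with -UseSsl
        [Parameter(Mandatory = $true)][string]$UserDn,     # e.g. 'CN=Mary Baker,O=Microsoft,C=US'
        [Parameter(Mandatory = $true)][securestring]$NewPassword,
        [switch]$UseSsl
    )

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion = 3
        if ($UseSsl) {
            # SSL procedure: the server certificate must be trusted by this client.
            $conn.SessionOptions.SecureSocketLayer = $true
        } else {
            # Encrypted, non-SSL procedure: same effect as LDAP_OPT_ENCRYPT = 1 in Ldp.
            $conn.SessionOptions.Sealing = $true
        }

        # Bind as the current Windows security principal; the channel is
        # protected before any password value is sent.
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Bind()

        # Build the same modify operation Ldp issues: replace userPassword.
        $plain = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password
        $mod = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
        $mod.Name      = 'userPassword'
        $mod.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
        [void]$mod.Add($plain)

        $req = New-Object System.DirectoryServices.Protocols.ModifyRequest
        $req.DistinguishedName = $UserDn
        [void]$req.Modifications.Add($mod)

        # SendRequest throws DirectoryOperationException on failure,
        # for example when the password does not meet policy.
        $resp = $conn.SendRequest($req)
        return $resp.ResultCode
    }
    finally {
        $conn.Dispose()
    }
}
```

Call it with a password read by Read-Host -AsSecureString so the value does not appear in command history; a ResultCode of Success corresponds to the "Modified" line in the Ldp output.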
    

Notes

  • To open Ldp, click Start, point to All Programs, point to ADAM, click ADAM Tools Command Prompt, and then type ldp at the command prompt.

  • For information about how to connect and bind to an ADAM instance using Ldp, see Related Topics.

  • Establishing Secure Sockets Layer (SSL) connections requires the presence of certificates on the server and clients. For information about installing certificates, see Related Topics.

  • By default, an ADAM instance running on Windows Server 2003 automatically enforces any local or domain password policies. If you set a password for an ADAM user that does not meet the requirements of the password policy in effect, the user account will be disabled.

  • If the ADAM user is currently logged on, that user must log off for the new password to take effect.

  • This procedure applies to any object class that is used as a security principal in ADAM. Any object class in ADAM can be used as a security principal, as long as the object class definition contains the SecurityPrincipal static auxiliary class and the unicodePwd attribute. For more information, see Related Topics.

  • The user, person, inetOrgPerson, and OrganizationalPerson object types are not available by default in the ADAM schema. You must first import them. For more information, see Related Topics.

See Also

Concepts

Understanding ADAM users and groups
Import the user classes supplied with ADAM
Administering an ADAM instance
Connect and bind to an ADAM instance using Ldp.exe
Connect and bind to an ADAM instance using ADAM ADSI Edit