How to Disable “Password Operations Over LDAPS Only” policy in Active Directory

蓝咒 submitted on 2019-12-07 16:23:51

Question


By default, Active Directory doesn't allow password operations, such as password updates or creating users with passwords, over an LDAP connection; it requires an LDAPS connection. How can I disable this policy? I can ensure the connection between my client and the AD is secure, so I do not need SSL encryption.


Answer 1:


Open a command line (Start → Run → cmd) and type the following commands:

  • dsmgmt
  • ds behavior
  • connections
  • connect to server localhost
  • quit
  • allow passwd op on unsecured connection
  • list current ds-behavior
  • quit
  • quit

The whole thing should look like this (empty lines added for readability):

C:\Windows\system32>dsmgmt

dsmgmt: ds behavior

AD DS/LDS behavior: connections

server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.

server connections: quit

AD DS/LDS behavior: allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.

AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.

AD DS/LDS behavior: quit
dsmgmt: quit

To undo the change, open dsmgmt again and follow the steps. Instead of allow, use deny passwd op on unsecured connection.

Source: http://www.forumeasy.com/forums/thread.jsp?tid=135602313860&fid=ldapprof9
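To check which state a server is in without changing it, the same dsmgmt menu path can be run read-only and its output parsed. This is an added example, not part of the original answer; the function and parameter names are hypothetical, and it assumes dsmgmt.exe accepts its menu commands as quoted command-line arguments and is run from an elevated prompt on the AD DS/LDS server.

```powershell
# Added example: read-only audit of the DS behavior setting discussed above.
# Assumption: dsmgmt.exe is on PATH and takes its menu commands as quoted arguments.
function Get-UnsecuredPasswdOpState {
    param([string]$Server = 'localhost')   # hypothetical parameter name

    # Same menu path as the interactive session, without the "allow" step.
    $output = & dsmgmt.exe 'ds behavior' 'connections' "connect to server $Server" `
        'quit' 'list current ds-behavior' 'quit' 'quit' 2>&1 | Out-String

    # Expected line, as shown in the session above:
    #   Password operations on unsecured connection: Allowed.
    # Only the "Allowed" wording appears on the page; any other value is reported as-is.
    $pattern = '(?m)Password operations on unsecured connection:\s*(.+?)\.?\s*$'
    if ($output -match $pattern) {
        $state = $Matches[1]
    } else {
        $state = 'Unknown'
    }

    [pscustomobject]@{
        Server  = $Server
        State   = $state
        Finding = ($state -eq 'Allowed')   # true when plain LDAP password operations are accepted
    }
}

$result = Get-UnsecuredPasswdOpState
$result | Format-List

if ($result.Finding) {
    # The revert command is the one given in the answer.
    Write-Warning ("{0}: password operations are accepted over unencrypted LDAP. " -f $result.Server +
        "Revert with 'deny passwd op on unsecured connection' under 'ds behavior'.")
}
```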



Source: https://stackoverflow.com/questions/16861664/how-to-disable-password-operations-over-ldaps-only-policy-in-active-directory
