How to update unicodePwd in LDP

Quick and cheerful reminder: if you want to perform a password set operation in LDP, there are two main ways of doing it:

  • You can supply a string value to userPassword (providing the domain functional level is Windows Server 2003 or later); or
  • You can supply a UTF-16 encoded Unicode string containing the password surrounded by quotation marks, which has been BER-encoded as an octet string (per the Object(Replica-Link) syntax).

The latter is obviously not exactly straightforward, but LDP provides a nice syntax to make this easy: prefix the password with backslash UNI colon, then enter the password in double quotes, like so:

\UNI:"P@$$w0rd!"

Where P@$$w0rd! is obviously the password. Let me show you how that looks. Here’s the Modify dialog:

Here’s the LDP window after clicking Run:

Note that in both instances you need to be using either a SASL-encrypted (LDAP_OPT_ENCRYPT = 1) or an SSL/TLS-protected connection.

In the case of the above I just open LDP, press Ctrl + B and <Enter>, which performs a SASL bind (those of you with good eyes will note that in the screenshot I've actually connected then cleared the screen before binding, as bind calls ldap_connect if there isn't a connection; I did this to make the output neat). Then I click Browse, Modify and enter the details. A password set is a replace operation.
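The value format from the second bullet, built by hand, as an added example that is not part of the original post. The function names and the sample DN are assumptions made for illustration; the byte order used is UTF-16LE with no byte-order mark, which is what Active Directory expects for unicodePwd.

```python
def encode_unicode_pwd(password: str) -> bytes:
    """unicodePwd value: the password wrapped in double quotes, UTF-16LE, no BOM."""
    return ('"' + password + '"').encode("utf-16-le")


def ber_octet_string(value: bytes) -> bytes:
    """Wrap a value as a BER OCTET STRING (tag 0x04, definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])  # short form: one length byte
    else:
        size = (n.bit_length() + 7) // 8
        length = bytes([0x80 | size]) + n.to_bytes(size, "big")  # long form
    return b"\x04" + length + value


def build_password_set(dn: str, password: str, channel_protected: bool):
    """Describe the modify request: a single replace of unicodePwd.

    channel_protected is a hypothetical flag the caller sets once the
    connection is SASL-encrypted or running over SSL/TLS.
    """
    if not channel_protected:
        raise ValueError("unicodePwd must only be written over a protected connection")
    return dn, [("replace", "unicodePwd", [encode_unicode_pwd(password)])]


if __name__ == "__main__":
    # Constructed sample values: the DN is made up, the password is the post's.
    dn = "CN=Test User,OU=Lab,DC=example,DC=com"
    value = encode_unicode_pwd("P@$$w0rd!")
    print("attribute value :", value.hex(" "))
    print("as octet string :", ber_octet_string(value).hex(" "))
    print("modify request  :", build_password_set(dn, "P@$$w0rd!", True))
```

A common mistake this makes visible is leaving out the quotation marks or sending UTF-8: both produce a byte string the directory will not accept as a password.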

The purpose of this post is to remind myself and others of the \UNI:"Password" syntax for writing to unicodePwd. For more information on userPassword see this article. For more information on unicodePwd see this article.

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.