20070612 changing active directory passwords using ldaps - plembo/onemoretech GitHub Wiki

title: Changing Active Directory Passwords Using LDAPS
link: https://onemoretech.wordpress.com/2007/06/12/changing-active-directory-passwords-using-ldaps/
author: lembobro
description:
post_id: 686
created: 2007/06/12 18:13:00
created_gmt: 2007/06/12 18:13:00
comment_status: open
post_name: changing-active-directory-passwords-using-ldaps
status: publish
post_type: post

Changing Active Directory Passwords Using LDAPS

This is an article from my old personal site.

Which is the point of what came before …

Just a brief script to show how to change an Active Directory user’s password using LDAPS (LDAP over SSL). It requires that the target Active Directory domain controller be SSL-enabled, as described in this article. In Active Directory, password data is not stored in userpassword but in the hidden “system” attribute unicodePwd. The script contains a routine that converts the ASCII string supplied for the password into its Unicode equivalent.

The “require” line simply imports config info (bind DN and password, etc.) for the script to use.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;
use Unicode::Map8;
use Unicode::String qw(utf16);

# Connection settings ($adHost, $adAdmin, $adPass) come from the config file.
our ($adHost, $adAdmin, $adPass);
require "../etc/ldap.inc";

my $adURI  = "ldaps://$adHost";
my $basedn = "DC=test,DC=example,DC=com";
my @attrs  = qw(cn sn givenname uid mail unicodePwd);
my $query  = "(cn=orson)";
my $newpw  = "rosebud";

# unicodePwd expects the password wrapped in double quotes and encoded as
# little-endian UTF-16.
my $charmap = Unicode::Map8->new('latin1') or die $!;
$newpw = $charmap->tou('"' . $newpw . '"')->byteswap()->utf16();

my $ldaps = Net::LDAP->new($adURI) or die "$@";

my $mesg = $ldaps->bind($adAdmin, password => $adPass);
$mesg->code and die "bind failed: " . $mesg->error . "\n";

$mesg = $ldaps->search(
    base   => $basedn,
    scope  => 'sub',
    filter => $query,
    attrs  => \@attrs,    # attrs takes an array reference
);
$mesg->code and die "search failed: " . $mesg->error . "\n";

while (my $entry = $mesg->shift_entry()) {
    my $userdn = $entry->dn;
    print $userdn, "\n";

    # $entry->dump;

    $entry->replace('unicodePwd' => $newpw);
    my $result = $entry->update($ldaps);
    warn "update failed for $userdn: ", $result->error, "\n" if $result->code;
}

$ldaps->unbind;

__END__
```
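The quoting and UTF-16 conversion that the script does with Unicode::Map8 can also be done with Perl's core Encode module, which accepts characters outside Latin-1 as well. The following is an added example, not part of the original post; the helper names `ad_unicode_pwd` and `unicode_pwd_problems` and the sample password are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post): build and sanity-check a
# unicodePwd value using only the core Encode module.
use strict;
use warnings;
use Encode qw(encode);

# Quote the password and encode it as UTF-16LE without a byte-order mark.
sub ad_unicode_pwd {
    my ($password) = @_;                  # Perl character string
    die "empty password\n" unless defined $password && length $password;
    my $quoted = qq("$password");
    return encode('UTF-16LE', $quoted, Encode::FB_CROAK);
}

# Return a list of reasons why $bytes is not a well-formed unicodePwd value.
sub unicode_pwd_problems {
    my ($bytes) = @_;
    my @problems;
    push @problems, 'odd byte count'        if length($bytes) % 2;
    push @problems, 'starts with a BOM'     if $bytes =~ /\A(?:\xff\xfe|\xfe\xff)/;
    push @problems, 'missing opening quote' if $bytes !~ /\A\x22\x00/;
    push @problems, 'missing closing quote' if $bytes !~ /\x22\x00\z/;
    push @problems, 'empty password'        if length($bytes) < 6;
    return @problems;
}

# Constructed samples: one good value and three common encoding mistakes.
my $pw = "ros\x{e9}bud\x{20ac}";          # the euro sign is outside Latin-1
my %samples = (
    'UTF-16LE quoted' => ad_unicode_pwd($pw),
    'UTF-16BE quoted' => encode('UTF-16BE', qq("$pw")),   # byte swap forgotten
    'UTF-16 with BOM' => encode('UTF-16',   qq("$pw")),   # BOM prepended
    'UTF-8 unquoted'  => encode('UTF-8',    $pw),         # no conversion at all
);
for my $name (sort keys %samples) {
    my @problems = unicode_pwd_problems($samples{$name});
    printf "%-16s %s\n", $name, @problems ? join('; ', @problems) : 'ok';
}

# With a bound Net::LDAP handle the checked value would be sent as:
#   $ldaps->modify($userdn, replace => { unicodePwd => ad_unicode_pwd($pw) });
```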

Copyright 2004-2019 Phil Lembo