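How to disable the "password operations only over LDAPS" policy in Active Directory

Time: 2013-05-31 16:15:30

Tags: active-directory adlds

By default, Active Directory does not allow password operations, such as updating a password or creating a user with a password, over an LDAP connection; it requires an LDAPS connection. How can I disable this policy? I can ensure that the connection between my client and AD is secure, so I don't need SSL encryption.

1 answer:

Answer 0: (score: 7)

Open a command prompt (Start → Run → cmd) and type the following commands: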

  • dsmgmt
  • ds behavior
  • connections
  • connect to server localhost
  • quit
  • allow passwd op on unsecured connection
  • list current ds-behavior
  • quit
  • quit

The whole thing should look like this (blank lines added for readability):

C:\Windows\system32>dsmgmt

dsmgmt: ds behavior

AD DS/LDS behavior: connections

server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.

server connections: quit

AD DS/LDS behavior: allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.

AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.

AD DS/LDS behavior: quit
dsmgmt: quit

To undo the change, open dsmgmt again and follow the same steps. Instead of allow, use deny passwd op on unsecured connection

Source: http://www.forumeasy.com/forums/thread.jsp?tid=135602313860&fid=ldapprof9
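
A defender-side check for the setting changed above, as an added example that is not part of the original answer: it walks the same dsmgmt menu path without modifying anything and reports whether password operations over unsecured connections are allowed. Passing the menu commands to dsmgmt as quoted arguments (as ntdsutil accepts them) and the function names are assumptions.

```powershell
# Added example (not from the original answer): audit the ds-behavior setting.
# Assumption: dsmgmt accepts its menu commands as quoted command-line arguments.

function Get-PasswdOpState {
    # Hypothetical helper: extract the state from "list current ds-behavior" output.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match 'Password operations on unsecured connection:\s*(.+?)\.?\s*$') {
            return $Matches[1]
        }
    }
    return $null   # status line missing (bind failed, tool not installed, ...)
}

function Test-UnsecuredPasswdOp {
    # Hypothetical helper: query one server and return a finding object.
    param([string]$Server = 'localhost')

    # Same menu path as the session above, minus the "allow ..." step.
    $out = & dsmgmt 'ds behavior' 'connections' "connect to server $Server" `
                    'quit' 'list current ds-behavior' 'quit' 'quit' 2>&1
    $state = Get-PasswdOpState -Lines ($out | ForEach-Object { "$_" })
    if (-not $state) { $state = 'Unknown' }

    [pscustomobject]@{
        Server  = $Server
        State   = $state
        # Flag only the wording the tool prints when the protection is off.
        Finding = ($state -eq 'Allowed')
    }
}

# Constructed sample output, so the parser can be checked without a directory server.
$sample = @(
    'AD DS/LDS behavior: list current ds-behavior',
    'Password operations on unsecured connection: Allowed.'
)
"Parsed state from sample: $(Get-PasswdOpState -Lines $sample)"

# On a host with dsmgmt available (elevated prompt):
# Test-UnsecuredPasswdOp -Server 'localhost' | Format-List
```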