So, I want to create a user account in Windows 2003 using Active Directory using JNDI. I follow the following example: http://forums.sun.com/thread.jspa?threadID=582103 (first post). The following code raises an LDAP error, which I believe is due to a chicken and egg problem when creating a user and then setting a password that is limited to a minimum password time of 1 day.
// userAccountControl flag values, as defined by Microsoft
final int UF_NORMAL_ACCOUNT = 0x0200;
final int UF_PASSWORD_EXPIRED = 0x800000;
// ctx is the directory context and userName the DN of the user created earlier in the example
ModificationItem[] mods = new ModificationItem[2];
// Replace the "unicodePwd" attribute with a new value
// Password must be both Unicode and a quoted string
String newQuotedPassword = "\"Password2000\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
// Perform the update
ctx.modifyAttributes(userName, mods);
System.out.println("Set password & updated userAccountControl");
I get the error code Ldap: 53 problem 5003 (cannot execute) when it tries to set a password, which I believe is the minimum password age. What is really strange is that if I go to Active Directory Users and Computers as a domain administrator, I also can’t set a password. The only way I can change it is to select the reset password option and then enable "the user must change the account the next time he logs in." After that, I can set the password both programmatically and through a graphical interface.
, , , . , 5003.
- JNDI Windows 2003? .