Active directory password attribute

I"ve check out a tiny about the topic of the userPassword attribute in ADVERTISEMENT and also exactly how it have the right to be collection as a write-alias for unicodePwd.

You watching: Active directory password attribute

We"re considering moving from OpenLDAP to ADVERTISEMENT. I can extract the userPassword from OpenLDAP as a salted hamelted string sshablabla... My question is, can I then set this password "as is" in the userPassword attribute of AD via write-alias activated, and have that then update the unicodePwd attribute automatically? Or does the userPassword field intend passwords in clear?

Basically is tbelow any type of means I deserve to deliver the user passwords from OpenLDAP to AD?


I don"t believe it have the right to be done, due to the reality that the hash is not reversible and is salted.

Typically, also in between ADVERTISEMENT domain names, tools that perform this intercept the password change request at the domajor controller level and also execute the change on both domains at the exact same time, it is not done via a synchronization of the actual LDAP attribute information.

See more: Yelp Adds Active Cleanup Alert ' For Va, Yelp Activates “Cleanup Alert” In Response To One

I"d indicate investigating choices such as a web interchallenge wbelow human being could authenticate versus the old LDAP that would grab the password and also collection it in AD, or somepoint equivalent.



Thanks for contributing a solution to Server Fault!

Please be sure to answer the question. Provide details and share your research!

But avoid

Asking for assist, clarification, or responding to various other answers.Making statements based upon opinion; back them up via recommendations or personal experience.

See more: How To Defrag A System Reserved 100 Fragmented Windows 10 0% Fragmented)

To learn even more, see our tips on writing good answers.

Message Your Answer Discard

By clicking “Blog post Your Answer”, you agree to our terms of company, privacy plan and cookie policy

Not the answer you're looking for? Browse various other concerns tagged active-catalog password or ask your very own question.


website style / logo design © 2021 Stack Exchange Inc; user contributions licensed under cc by-sa. rev2021.4.9.39043

Server Fault works best through JavaScript enabled

Your privacy

By clicking “Accept all cookies”, you agree Stack Exreadjust deserve to store cookies on your gadget and discshed indevelopment in accordance via our Cookie Policy.