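By default, Active Directory does not allow password operations, such as password updates or creating a user with a password, over an LDAP connection; it requires an LDAPS connection. How can I disable this policy? I can ensure that the connection between my client and AD is secure, so I don't need SSL encryption.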
1 Answer
8
Open a command line (Start → Run → cmd) and type the following commands:
dsmgmt
ds behavior
connections
connect to server localhost
quit
allow passwd op on unsecured connection
list current ds-behavior
quit
quit
The whole thing should look like this (blank lines added for readability):
C:\Windows\system32>dsmgmt
dsmgmt: ds behavior
AD DS/LDS behavior: connections
server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
server connections: quit
AD DS/LDS behavior: allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.
AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.
AD DS/LDS behavior: quit
dsmgmt: quit
To undo the change, open dsmgmt again and follow the steps. Instead of allow, use deny passwd op on unsecured connection.
Source: http://www.forumeasy.com/forums/thread.jsp?tid=135602313860&fid=ldapprof9
answered 2013-06-03T12:29:35.300
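An added example, not part of the answer above: a small audit script that reads saved dsmgmt transcripts and reports which servers accept password operations over unsecured connections, so the setting can be found and reverted with the deny command. It keys on the two output lines shown in the session above; the host names dc2/dc3 and the "Denied" wording in the sample are constructed placeholders, since the page only shows the "Allowed" output.

```python
import re

# Output lines as printed by dsmgmt in the session shown in the answer.
BIND_RE = re.compile(r"^Binding to (?P<server>\S+) \.\.\.\s*$")
STATE_RE = re.compile(
    r"^Password operations on unsecured connection:\s*(?P<state>.+?)\.?\s*$"
)

def audit_transcript(text):
    """Map each server in a dsmgmt transcript to its reported state.

    A server that was bound but never listed its ds-behavior maps to None,
    so an incomplete session is not mistaken for a safe one.
    """
    results, server = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = BIND_RE.match(line)
        if m:
            server = m.group("server")
            results.setdefault(server, None)
            continue
        m = STATE_RE.match(line)
        if m and server is not None:
            results[server] = m.group("state")
    return results

def servers_to_fix(results):
    """Servers where cleartext password operations are allowed or unknown."""
    return sorted(s for s, state in results.items()
                  if state is None or state.lower() == "allowed")

# Constructed sample: the first session copies the output in the answer;
# dc2/dc3 and the "Denied" wording are placeholders, not captured tool output.
SAMPLE = """\
server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.
Binding to dc2.example.test ...
Password operations on unsecured connection: Denied.
Binding to dc3.example.test ...
"""

if __name__ == "__main__":
    for name in servers_to_fix(audit_transcript(SAMPLE)):
        print("review:", name)
```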