
How can an AD user change password when NT_STATUS_PASSWORD_MUST_CHANGE is set

Open a23s4a opened this issue 2 years ago • 0 comments

It is often the case in Active Directory that a new user is created, or the password of an existing user has been reset, with the option "User must change password on the next logon". Is there a way for such a user to change his password via ldap3? As I understand, https://ldap3.readthedocs.io/ldap3.extend.microsoft.html requires a successful bind before changing the password. When the option above is set for the user, connection.bind() always returns False. If I try to change the password without bind it returns False as well:

```python
from ldap3 import Server, Connection, ALL

server = Server('ldap://addc.somedomain.org', get_info=ALL)
conn = Connection(server, user="[email protected]", password="P@ASSwword1")
conn.start_tls()  # => True
conn.bind()  # => False
dn = 'My well known DN'
conn.extend.microsoft.modify_password(user=dn, old_password="P@ASSwword1", new_password="NewPass!#@rd", controls=None)  # => False
```

a23s4a, Feb 27 '23 06:02
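After a failed bind like the one in the issue, ldap3 leaves the server's answer in `conn.result`, and Active Directory puts a hexadecimal sub-code after `data` in the diagnostic message, which separates "must change password" from a wrong password or a locked account. The following is an added example, not part of the original issue and not ldap3's own code; the function names are hypothetical and the sample result dictionaries (including their DSID values) are constructed.

```python
import re

# Sub-codes Active Directory reports after "data" when a bind fails with
# LDAP result 49 (invalidCredentials). Values are hexadecimal Win32 codes.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")


def classify_bind_failure(result):
    """Return (subcode, meaning) for a failed-bind result dict, else (None, None)."""
    if result.get("result") != 49:          # only invalidCredentials carries it
        return None, None
    match = _DATA_RE.search(result.get("message") or "")
    if not match:
        return None, None
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def must_change_password(result):
    """True when the bind was refused only because the password must be changed."""
    return classify_bind_failure(result)[0] == "773"


# Constructed samples shaped like ldap3's conn.result after conn.bind().
SAMPLE_MUST_CHANGE = {
    "result": 49, "description": "invalidCredentials",
    "message": "80090308: LdapErr: DSID-0C090400, comment: "
               "AcceptSecurityContext error, data 773, v1db1\x00",
}
SAMPLE_BAD_PASSWORD = {
    "result": 49, "description": "invalidCredentials",
    "message": "80090308: LdapErr: DSID-0C090400, comment: "
               "AcceptSecurityContext error, data 52e, v1db1\x00",
}
SAMPLE_SUCCESS = {"result": 0, "description": "success", "message": ""}

if __name__ == "__main__":
    for sample in (SAMPLE_MUST_CHANGE, SAMPLE_BAD_PASSWORD, SAMPLE_SUCCESS):
        print(sample["description"], classify_bind_failure(sample))
```

With a live connection the same check would be `must_change_password(conn.result)` right after `conn.bind()` returns False.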