是否可以通过Azure AD域服务通过LDAPS更新用户密码？ [英] Is it possible to update a users password over LDAPS through Azure AD Domain Services?

问题描述

我可以通过LDAPS向AAD DS做其他事情，绑定，读取组成员等但不更新密码。

I can do everything else to AAD DS through LDAPS, bind, read group members etc but not update passwords.

当我尝试更新其他用户的密码时，我收到消息：

When I try and update another users' password, I get the message:

INSUFFICIENT_ACCESS: {'info': '00002098: SecErr: DSID-03150E49, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\n', 'desc': 'Insufficient access'}

我是一个帐户using是AAD DC管理员的成员，并拥有Azure租户的"所有者"。

The account I'm using is a member of AAD DC Administrators and has the 'Owner' on the Azure tenant.

我正在尝试更新的帐户是普通用户。

The account I'm trying to update is a normal user.

有什么想法吗？ ta

Any ideas? ta

推荐答案

我不认为这是可能的Azure AD是对象的主要权限。并且您无法获得每个LDAP属性的写入权限 对于AAD域服务中的用户对象，为什么会出现上述错误。架构受限于
，无法与本地AD进行比较。 

I do not think this is possible as the Azure AD is the main authority of the objects. And you do not get write access on every LDAP attribute  for the user object in AAD domain services that why you get the error mentioned. The schema is restricted and it cannot be compared with on-prem AD . 

这篇关于是否可以通过Azure AD域服务通过LDAPS更新用户密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！