如何禁用“仅通过LDAPS进行密码操作”； Active Directory中的策略 [英] How to Disable "Password Operations Over LDAPS Only" policy in Active Directory

问题描述

默认情况下，Active Directory不允许进行密码更新或通过LDAP连接使用密码创建用户之类的密码操作，它需要LDAPS连接。如何禁用此策略？我可以确保客户端和AD之间的连接是安全的，因此不需要SSL加密。

By default Active Directory doesn't allow to do password operations such as password updates or user creating with passwords over an LDAP connection, it requires an LDAPS connection. How can I disable this policy? I can ensure the connection between my client and the AD is secure, so I do not need SSL encryption.

推荐答案

打开命令行（开始→运行→ cmd ），然后键入以下命令：

Open a command line (Start → Run → cmd) and type the following commands:

• dsmgmt


• ds行为


• 连接


• 连接到服务器本地主机


• 退出


• 在不安全的连接上允许passwd op


• 列出当前的ds行为


• 退出


• 退出

• dsmgmt
• ds behavior
• connections
• connect to server localhost
• quit
• allow passwd op on unsecured connection
• list current ds-behavior
• quit
• quit

整个内容应如下所示（为便于阅读，添加了空行）

The whole thing should look like this (empty lines added for readability)

C:\Windows\system32>dsmgmt

dsmgmt: ds behavior

AD DS/LDS behavior: connections

server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.

server connections: quit

AD DS/LDS behavior: allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.

AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.

AD DS/LDS behavior: quit
dsmgmt: quit

要撤消更改，请再次打开 dsmgmt 并按照以下步骤操作。代替 allow ，在不安全的连接上使用 deny passwd op 。

To undo the change, open dsmgmt again and follow the steps. Instead of allow, use deny passwd op on unsecured connection.

来源： http://www.forumeasy.com /forums/thread.jsp?tid=135602313860&fid=ldapprof9

这篇关于如何禁用“仅通过LDAPS进行密码操作”； Active Directory中的策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！