如何禁用“仅通过LDAPS进行密码操作”; Active Directory中的策略 [英] How to Disable "Password Operations Over LDAPS Only" policy in Active Directory
问题描述
默认情况下,Active Directory不允许进行密码更新或通过LDAP连接使用密码创建用户之类的密码操作,它需要LDAPS连接。如何禁用此策略?我可以确保客户端和AD之间的连接是安全的,因此不需要SSL加密。
By default Active Directory doesn't allow to do password operations such as password updates or user creating with passwords over an LDAP connection, it requires an LDAPS connection. How can I disable this policy? I can ensure the connection between my client and the AD is secure, so I do not need SSL encryption.
推荐答案
打开命令行(开始→运行→ cmd
),然后键入以下命令:
Open a command line (Start → Run → cmd
) and type the following commands:
-
dsmgmt
-
ds行为
-
连接
-
连接到服务器本地主机
-
退出
-
在不安全的连接上允许passwd op
-
列出当前的ds行为
-
退出
-
退出
dsmgmt
ds behavior
connections
connect to server localhost
quit
allow passwd op on unsecured connection
list current ds-behavior
quit
quit
整个内容应如下所示(为便于阅读,添加了空行)
The whole thing should look like this (empty lines added for readability)
C:\Windows\system32>dsmgmt
dsmgmt: ds behavior
AD DS/LDS behavior: connections
server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
server connections: quit
AD DS/LDS behavior: allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.
AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.
AD DS/LDS behavior: quit
dsmgmt: quit
要撤消更改,请再次打开 dsmgmt
并按照以下步骤操作。代替 allow
,在不安全的连接上使用 deny passwd op
。
To undo the change, open dsmgmt
again and follow the steps. Instead of allow
, use deny passwd op on unsecured connection
.
来源: http://www.forumeasy.com /forums/thread.jsp?tid=135602313860&fid=ldapprof9
这篇关于如何禁用“仅通过LDAPS进行密码操作”; Active Directory中的策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!