3
默认情况下,Active Directory不允许执行密码操作,如密码更新或用户使用LDAP连接创建密码,它需要LDAPS连接。我如何禁用此政策?我可以确保我的客户端和AD之间的连接是安全的,所以我不需要SSL加密。如何在Active Directory中禁用“仅限LDAPS的密码操作”策略
默认情况下,Active Directory不允许执行密码操作,如密码更新或用户使用LDAP连接创建密码,它需要LDAPS连接。我如何禁用此政策?我可以确保我的客户端和AD之间的连接是安全的,所以我不需要SSL加密。如何在Active Directory中禁用“仅限LDAPS的密码操作”策略
打开命令行(开始→运行→cmd
)和输入下面的命令:
dsmgmt
ds behavior
connections
connect to server localhost
quit
allow passwd op on unsecured connection
list current ds-behavior
quit
quit
整个事情应该是这样的(空行增加了可读性)
C:\Windows\system32>dsmgmt
dsmgmt: ds behavior
AD DS/LDS behavior: connections
server connections: connect to server localhost
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
server connections: quit
AD DS/LDS behavior: allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.
AD DS/LDS behavior: list current ds-behavior
Password operations on unsecured connection: Allowed.
AD DS/LDS behavior: quit
dsmgmt: quit
要撤消的变化,开放dsmgmt
再次,并按照脚步。而不是allow
,请使用deny passwd op on unsecured connection
。
来源:http://www.forumeasy.com/forums/thread.jsp?tid=135602313860&fid=ldapprof9