This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Active Directory- Create User Password

Go to solution
bcastro
Deputy Chef I
Deputy Chef I

โ€Ž05-11-2022 09:17 PM

Hello automation Pros!

I am working on a recipe that creates users in Active Directory using Windows Server.

I am trying to map Password but I can't find the field to map it.

According to AD Docs the field should be: userPassword

Searching by Passw... in the list of fields to map I found the ones in the image attached.


Anyone one that can help?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
ndy
Deputy Chef III
Deputy Chef III
In response to bcastro

โ€Ž10-15-2024 12:44 AM - edited โ€Ž10-15-2024 12:46 AM

Dear, @bcastro .

The error message you're encountering (LDAP: error code 53 - 0000001F: SvcErr: DSID-031A125F, problem 5003 (WILL_NOT_PERFORM)) typically occurs when Active Directory refuses to perform a password change operation. This is often due to how the password is being passed or because of a policy constraint in LDAP/Active Directory.
Common Causes:

  • Password Encoding: Active Directory (AD) requires the password to be in a specific format (UTF-16LE encoding) and enclosed in double quotes. This is a common reason for failure if you are passing a simple string.
  • LDAP Policies: Your Active Directory might have password policies in place (like password complexity, expiration, or length) that could be causing the issue.
  • Permissions: The account you're using to perform the operation might not have the necessary permissions to change or set passwords.
  • Secure LDAP (LDAPS): Password operations in AD typically require a secure LDAP connection (LDAPS). If LDAPS is not being used, AD may refuse the operation with the WILL_NOT_PERFORM error.
Nguyen Duc Y

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
chijie
Workato employee
Workato employee

โ€Ž05-11-2022 09:25 PM

Hi Berenice,

Setting a user's password is actually a separate action..so you can have an action to create the user first, then a subsequent one to set the password.



Hope this helps!

--
0 Kudos

Go to solution
jeremyo
Deputy Chef I
Deputy Chef I

โ€Ž05-11-2022 09:42 PM

Just extending CJ's answer...


I think you also need to connect to AD using LDAPS (port 636).

0 Kudos

Go to solution
bcastro
Deputy Chef I
Deputy Chef I

โ€Ž05-11-2022 11:38 PM

I was able to find Operation Set User Password in Active Directory. Thanks.

0 Kudos

Go to solution
bcastro
Deputy Chef I
Deputy Chef I

โ€Ž05-31-2022 06:07 PM

Hello Again automation Pros! Continuing with this thread. While using Set Password to User operation I am getting error:


[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A125F, problem 5003 (WILL_NOT_PERFORM), data 0

]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A125F, problem 5003 (WILL_NOT_PERFORM), data 0


I am passing the password as a siple string without encoding it.

Anyone has experienced the same issue? Is it related to the Password Policy set in LDAP? Thanks

0 Kudos
Copyright © 2024 Khoros, LLC