
Active Directory - Create User Password

bcastro
Deputy Chef I

Hello automation Pros!

I am working on a recipe that creates users in Active Directory using Windows Server.

I am trying to map Password but I can't find the field to map it.

According to AD Docs the field should be: userPassword

Searching by Passw... in the list of fields to map I found the ones in the image attached.


Anyone that can help?

1 ACCEPTED SOLUTION

ndy
Deputy Chef III

Dear @bcastro,

The error message you're encountering (LDAP: error code 53 - 0000001F: SvcErr: DSID-031A125F, problem 5003 (WILL_NOT_PERFORM)) typically occurs when Active Directory refuses to perform a password change operation. This is often due to how the password is being passed or because of a policy constraint in LDAP/Active Directory.
Common Causes:

  • Password Encoding: Active Directory (AD) requires the password to be in a specific format (UTF-16LE encoding) and enclosed in double quotes. This is a common reason for failure if you are passing a simple string.
  • LDAP Policies: Your Active Directory might have password policies in place (like password complexity, expiration, or length) that could be causing the issue.
  • Permissions: The account you're using to perform the operation might not have the necessary permissions to change or set passwords.
  • Secure LDAP (LDAPS): Password operations in AD typically require a secure LDAP connection (LDAPS). If LDAPS is not being used, AD may refuse the operation with the WILL_NOT_PERFORM error.
Nguyen Duc Y
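
The encoding and LDAPS points from the answer above, as an added example that is not part of the original post: it builds the quoted UTF-16LE value and an LDIF modify record, and refuses any URL that is not `ldaps://`. It assumes the password is written to the `unicodePwd` attribute; the URL, DN and password are constructed sample values.

```python
import base64
from urllib.parse import urlparse

ATTRIBUTE = "unicodePwd"  # assumption: the attribute AD takes password writes on


def encode_unicode_pwd(password: str) -> bytes:
    """Wrap the password in double quotes, then encode as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def require_ldaps(ldap_url: str) -> None:
    """Reject plain ldap:// before any password material is built."""
    if urlparse(ldap_url).scheme.lower() != "ldaps":
        raise ValueError("password writes need ldaps://, got " + ldap_url)


def build_set_password_ldif(ldap_url: str, user_dn: str, password: str) -> str:
    """Return an LDIF modify record that replaces the user's password."""
    require_ldaps(ldap_url)
    value = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "\n".join([
        "dn: " + user_dn,
        "changetype: modify",
        "replace: " + ATTRIBUTE,
        ATTRIBUTE + ":: " + value,  # '::' marks a base64 (binary) value
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    url = "ldaps://dc01.example.com:636"
    dn = "CN=Test User,OU=Staff,DC=example,DC=com"
    pwd = "Ex4mple-Passw0rd!"
    print("plain string :", pwd.encode("utf-8").hex())
    print("AD format    :", encode_unicode_pwd(pwd).hex())
    print(build_set_password_ldif(url, dn, pwd))
    try:
        build_set_password_ldif("ldap://dc01.example.com:389", dn, pwd)
    except ValueError as exc:
        print("refused:", exc)
```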


8 REPLIES 8

bcastro
Deputy Chef I

Updating my own thread. Set password ONLY works with an SSL Connection.

Hi @bcastro. Do you by chance have instructions for setting up Active Directory/LDAP SSL? What little information I can find does not provide enough detail.

Thanks in advance.

jeremyo
Deputy Chef I

That was the destination I arrived at as well. It makes sense that security operations require a secure connection.