使用 dsmod 更改 Active Directory 用户密码
在 Windows Server 2016 上,我尝试使用 dsmod 更改活动目录密码。
DSMOD user "cn=xxxxxxxx,cn=users,dc=xxxxxxxx,dc=xxxxxxxx" -pwd xxxxxxxx -mustchpwd yes
我收到消息“objet de l'annuaire non trouvé”(我猜:“未找到目录对象”)
如果我尝试使用 dsadd 添加帐户,
DSADD user "cn=xxxxxxxxxx,cn=users,dc=xxxxxxxxxx,dc=xxxxxxxxxx" -pwd xxxxxxxxxx -display xxxxxxxxxx -desc "xxxxxxxxxx"
:我收到消息“le compte spécifié exite déjà”(我猜: “指定的帐户已存在”)
我做错了什么?
On windows Server 2016,i try to change a an active directory password with dsmod.
DSMOD user "cn=xxxxxxxx,cn=users,dc=xxxxxxxx,dc=xxxxxxxx" -pwd xxxxxxxx -mustchpwd yes
i have the message "objet de l'annuaire non trouvé" (i guess: "object of directory not found")
if i try to add the account with dsadd :
DSADD user "cn=xxxxxxxxxx,cn=users,dc=xxxxxxxxxx,dc=xxxxxxxxxx" -pwd xxxxxxxxxx -display xxxxxxxxxx -desc "xxxxxxxxxx"
i have the message "le compte spécifié existe déjà" (i guess: "account specified already exists")
What did i do wrong ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
• 根据该命令的官方文档,您用于修改AD 中用户密码的命令是正确的。但请确保您使用提升的权限从 powershell 执行此命令,特别是在修改特定用户的 AD 属性时使用域管理员的凭据。
• 其次,请确保您要更改密码的 AD 中用户对象的路径已从 Active Directory 站点和接口管理门户(即 ADSI 编辑接口)复制,因为它提供了正确的 DN(可分辨名称)。 AD中的那个物体。这将确保将准确且完美的 DN 用于要更改密码的对象。对于其他 AD 用户对象中存在的任何其他类似的用户对象,它不会留下任何歧义。
• 接下来,我建议您检查AD复制端口是否打开,即TCP UDP 135, 137, 138, 139, 445, 389, 636, 3268, 3269, 88, 53, 1512, 42, 49152 -65535。这些端口与有关 AD 的各种服务相关联,即 RPC 端点映射器、DNS 等。 WINS 解析、复制、RPC 动态端口等。确保可以从您尝试执行命令的服务器系统访问这些端口。
• 最后,请检查服务器系统有关此问题的日志,看看是否捕获了任何事件或输入。请检查下面的官方文档链接以获取与命令执行相关的参数: -
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732954(v=ws.11)
<一href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731279(v=ws.11)" rel= “不关注noreferrer">https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731279(v=ws.11)
• The command that you are using for modifying the password of a user in AD is correct as per the official documentation for this command. But please ensure that you are executing this command from the powershell with elevated privileges, specifically with domain administrator’s credentials as you are modifying the AD attributes for a specific user.
• Secondly, please ensure that the path of the user object in AD for which you want to change the password has been copied from Active Directory Site and Interfaces management portal, i.e., ADSI edit interface as it gives the correct DN (distinguished name) for that object in AD. This will ensure that the exact and perfect DN is used for the object for which password is to be changed. It will not leave any ambiguity there for any other likewise user object existing amidst other AD user objects.
• Next, I would suggest you to please check whether AD replication ports are open or not, i.e., TCP UDP 135, 137, 138, 139, 445, 389, 636, 3268, 3269, 88, 53, 1512, 42, 49152-65535. These ports are associated with various services regarding AD, viz., RPC Endpoint mapper, DNS< WINS resolution, replication, RPC dynamic ports, etc. Ensure that these are reachable from the server system through which you are trying to execute the command.
• Lastly, please check the server system’s logs regarding this issue to see whether any event or input for this is captured or not. Please check the official documentation link below for command execution related arguments: -
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732954(v=ws.11)
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731279(v=ws.11)