Hi,
I'm trying to change the password for an AD user account with the default workflow included in Orchestrator: 'Change a user password'
But every time I receive the error: Cannot update unicodePwd: (Dynamic Script Module name : setUserPassword#52994)
The Orchestrator version is: 5.5.2.1951762 (5.5.2.1946710)
The AD plugin is: Active Directory 1.0.5.1866388
Can anybody help me with this?
Kind regards,
Jonathan
Hi Jonathan,
Before running the "Change a user password" workflow, ensure you first run the "Configure Active Directory server" workflow, and within it you must select the "Use SSL" option (and verify that the Port changes to 636 instead of the default port 389).
The "Change a user password" workflow will only work if the LDAP connection to your Active Directory server is encrypted with SSL.
(see attached screenshot with an example)
Hope that solves your issue!
I'll give this a try.
SSL isn't enabled.
But when I try it via the workflow I get this error:
Error connecting to address pocdc01.pocvirtual.local:636 : Remote host closed connection during handshake
And when I'm changing it via the web GUI I get this error:
Error | Unable to connect to LDAP Server | simple bind failed: pocdc01.pocvirtual.local:636 |
You may want to verify that your AD Domain Controller is enabled to accept LDAP over SSL (aka LDAPS).
To check it, you could use the Windows LDP tool: On your domain controller, click Start and type "ldp" in the search box to launch it.
Click Connection > Connect...
In the Connect window, type the FQDN of your server, select port 636, and select the SSL checkbox. Then click OK.
If LDAP over SSL is enabled, you should see around the 5th or 6th line in the connection output a message that reads:
"Host supports SSL, SSL cipher strength = xxx bits"
"Established connection to <your AD server>"
If the above fails it means LDAPS is not enabled on your AD DC. Do a Google search for "enabling LDAPS for domain controllers".
But if the above works, then maybe your Orchestrator server has problems accepting the DC's SSL certificate. Ensure that the option "Ask for confirmation when importing SSL certificate" is set to "No".
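The LDP check described in the last reply can also be scripted from the Orchestrator host. The following is an added example, not part of the original thread: it attempts the TLS handshake on port 636 and separates "port closed", "handshake closed by the server" and "certificate not trusted by this client". The function name `probe_ldaps`, the status strings and the optional CA file argument are assumptions made for the illustration.

```python
import socket
import ssl
import sys

# What each outcome points to, following the checks discussed in the thread.
HINTS = {
    "tcp_unreachable": "nothing reachable on this port (service down or filtered)",
    "handshake_failed": "port open but TLS not completed; check LDAPS is enabled on the DC",
    "cert_untrusted": "LDAPS is up, but this client does not trust the DC certificate",
    "ok": "LDAPS is enabled and the certificate validates",
}


def probe_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Try a TLS handshake with host:port and return (status, detail).

    cafile is an optional PEM file with the CA that issued the DC certificate;
    without it the system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_unreachable", str(exc)
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", "%s, %s" % (tls.version(), tls.cipher()[0])
        except ssl.SSLCertVerificationError as exc:
            return "cert_untrusted", exc.verify_message
        except (ssl.SSLError, OSError) as exc:
            return "handshake_failed", str(exc)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe_ldaps.py <dc-fqdn> [ca.pem]")
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    status, detail = probe_ldaps(sys.argv[1], cafile=ca)
    print("%s: %s (%s)" % (status, HINTS[status], detail))
```

A `handshake_failed` result corresponds to the "Remote host closed connection during handshake" error quoted above, while `cert_untrusted` corresponds to the case where LDP connects but Orchestrator rejects the certificate.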