none
Ldap Active directory change password Unwilling to perform Error 53

    Question

  • While changing password of Active directory user with service account ,However i am getting LDAP Error no 53 Unwilling to perform error. So anbody well aware about this Error please tell how this error is getting.


    • Edited by Namjith M A Wednesday, May 6, 2015 11:18 AM
    Wednesday, May 6, 2015 11:17 AM

Answers

All replies

  • Are you changing the password through a script? Please post in detail.

    Darshan

    Wednesday, May 6, 2015 11:29 AM
  • Hello,

    Please paste the script details here.

    Wednesday, May 6, 2015 11:48 AM
  • Looks like you are using script to change the password.

     is the same error prompt for other users as well when pass change ?..

    Hope you are following your domain password policy requirements to change the password. if not, try restting the password based on your password policy.


    Devaraj G | Technical solution architect

    Wednesday, May 6, 2015 1:16 PM
  • public function pwd_encryption($password){

    $password = '"' . $password . '"';
                    if (function_exists('mb_convert_encoding')) {
                        $password = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
                    } elseif (function_exists('iconv')) {
                        $password = iconv('UTF-8', 'UTF-16LE', $password);
                    } else {
                        $len = strlen($password);
                        $new = '';
                        for ($i = 0; $i < $len; $i++) {
                            $new .= $password[$i] . "\x00";
                        }
                        $password = $new;
                    }
                    return base64_encode($password);



    }

    This is  the php function using for password encryption. And i am trying to change unicodePwd attribute. 

    For eg: for car it will return IgBjAGEAcgAiAA==

    Thursday, May 7, 2015 5:03 AM
  • public function pwd_encryption($password){

    $password = '"' . $password . '"';
                    if (function_exists('mb_convert_encoding')) {
                        $password = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
                    } elseif (function_exists('iconv')) {
                        $password = iconv('UTF-8', 'UTF-16LE', $password);
                    } else {
                        $len = strlen($password);
                        $new = '';
                        for ($i = 0; $i < $len; $i++) {
                            $new .= $password[$i] . "\x00";
                        }
                        $password = $new;
                    }
                    return base64_encode($password);



    }

    This is  the php function using for password encryption. And i am trying to change unicodePwd attribute. 

    For eg: for car it will return IgBjAGEAcgAiAA==

    Thursday, May 7, 2015 5:04 AM
  • Yes i am using PHP script to change password and i am following password policy given by them. 

    I am using Service account for change all user password. Password attribute trying to change is unicodePwd


    Thursday, May 7, 2015 5:12 AM
  • The error indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules.

    Or the modify attribute request specifies attributes that users cannot modify...OR...Password restrictions prevent the action...OR...Connection restrictions prevent the action.

    You may follow this informative article for LDAP Password Changes in Active Directory : http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html

    Moreover, If the user is available within the domain, you may also try our free Lepide local user management tool that would be nice approach to easily reset passwords in few clicks.


    Lepide - Simplifying IT Management

    Thursday, May 7, 2015 7:38 AM
  • > attribute trying to change is *unicodePwd*
     
    You are trying to write directly to that attribute? That will not work
    and never has worked...
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Thursday, May 7, 2015 8:46 AM
  • The password can be changed from the attribute unicodepwd. It is very much possible

    Wednesday, April 26, 2017 11:24 AM