So I want to create a user account in Windows 2003 with Active Directory utilizing JNDI. I am following the following example: http://forums.sun.com/thread.jspa?threadID=582103 (first post). The following code is throwing an LDAP error I believe due to a chicken and egg problem of creating a user and then setting a password that is constrained by a minimum password age of 1 day.

// Replace the "unicodePwd" attribute with a new value
// Password must be both Unicode (UTF-16LE) and a quoted string
// UF_NORMAL_ACCOUNT (0x0200) and UF_PASSWORD_EXPIRED (0x800000) are the
// userAccountControl bit values from the Sun forum example referenced above
ModificationItem[] mods = new ModificationItem[2];
String newQuotedPassword = "\"Password2000\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
// Perform the update
ctx.modifyAttributes(userName, mods);
System.out.println("Set password & updated userAccountControl");

I am getting an LDAP Error Code: 53 problem 5003 (unable to perform) when it tries to set the password, which I believe is the minimum password age. What is really odd is that if I go into Active Directory Users and Computers as the domain admin I can't set the password either. The only way I can get it to change is if I select the 'Reset Password' option and then enable the 'User must change account at next logon' checkbox. After I set this, then I can set the password both programmatically and through the GUI.
I also tried setting the change password at next logon after the create but before I did the password change in my code but this didn't work either. It did change the box but I still was unable to change the password and got the 5003 error.
Has anyone had any experience using JNDI to create users with a minimum password age on Windows 2003? Any help would be much appreciated.
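The create-then-reset sequence described in the question, written out as an added example; this is not the questioner's code and not the code from the linked Sun forum thread. The LDAPS URL, bind DN, container DN and password are placeholders. Two points about the unicodePwd write are worth checking before looking at password-age policy: Active Directory only accepts a write to unicodePwd over an encrypted connection (ldaps:// or a signed/sealed bind), and a REPLACE of unicodePwd is processed as an administrative reset, whereas a DELETE followed by an ADD is a user-initiated change, which is the operation the minimum password age policy applies to. The account is created disabled and enabled only after the password is set, so no password-not-required flag is needed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class AdUserCreate {
    // userAccountControl bit values as documented by Microsoft
    static final int UF_ACCOUNTDISABLE   = 0x0002;
    static final int UF_NORMAL_ACCOUNT   = 0x0200;
    static final int UF_PASSWORD_EXPIRED = 0x800000;

    // AD requires the password wrapped in double quotes and encoded as UTF-16LE
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Bind over LDAPS; AD rejects unicodePwd writes on an unencrypted connection
    static DirContext connect(String ldapsUrl, String bindDn, String bindPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialDirContext(env);
    }

    // Step 1: create the object disabled, with no password yet
    static void createDisabledUser(DirContext ctx, String userDn, String samAccountName, String upn)
            throws NamingException {
        Attributes attrs = new BasicAttributes(true);
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("organizationalPerson");
        objectClass.add("user");
        attrs.put(objectClass);
        attrs.put("sAMAccountName", samAccountName);
        attrs.put("userPrincipalName", upn);
        attrs.put("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_ACCOUNTDISABLE));
        ctx.createSubcontext(userDn, attrs);
    }

    // Step 2: administrative reset of the password (REPLACE, not DELETE+ADD),
    // then enable the account and force a change at next logon
    static void resetPasswordAndEnable(DirContext ctx, String userDn, String password) throws NamingException {
        ModificationItem[] mods = new ModificationItem[2];
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(password)));
        mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl",
                        Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED)));
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder values; replace with the real directory, bind identity and target container
        String ldapsUrl = "ldaps://dc.example.invalid:636";
        String bindDn = "CN=svc-provision,OU=Service Accounts,DC=example,DC=invalid";
        String bindPassword = System.getenv("AD_BIND_PASSWORD");
        String userDn = "CN=Jane Doe,OU=Users,DC=example,DC=invalid";

        DirContext ctx = connect(ldapsUrl, bindDn, bindPassword);
        try {
            createDisabledUser(ctx, userDn, "jdoe", "jdoe@example.invalid");
            resetPasswordAndEnable(ctx, userDn, "Placeholder-Initial-Pw-1");
            System.out.println("Created " + userDn + ", password reset, account enabled");
        } finally {
            ctx.close();
        }
    }
}
```

The bind password is read from the environment rather than hard-coded, and the initial user password is a placeholder the caller should generate at run time. If the 5003 (WILL_NOT_PERFORM) result still appears with this sequence, the first thing to confirm is that the provider URL really is ldaps:// and that the domain controller's certificate is trusted by the JVM, since a failed or plain-text connection produces exactly this error on the unicodePwd write.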