In my last posts I discussed NIS and LDAP implementation using the new RFC 2307 compliant schema in a Windows environment. An important aspect of using these depends on unixUserAttribute. If you want Active Directory users to be able to change their Windows password and have this attribute updated at the same time, we need to ensure a couple of preconditions are fulfilled:

  • Install the Password Sync component on all Domain Controllers. (BTW, you need schema administrator privilege to perform this installation.)
  • The default encryption key is changed for password synchronization.

  • The user has a non-null value in the msSFU30NisDomain attribute.

  • Under “Windows to NIS (AD) Password Sync”, the “Enable Windows to NIS (AD) Password Sync” check box is selected.

  • Password Sync - NIS to AD
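
The per-user precondition above (a non-null msSFU30NisDomain value) can be audited in bulk rather than account by account. The following PowerShell is an added example, not code from the original post; the function name `Test-PasswordSyncReadiness`, the use of `uidNumber` as the marker of a UNIX-enabled account, and the sample accounts are assumptions made for illustration.

```powershell
# Added example: classify accounts by whether they meet the per-user
# precondition for Windows-to-NIS password sync (non-null msSFU30NisDomain).
# Function name and status labels are hypothetical, chosen for this example.
function Test-PasswordSyncReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # An unset attribute comes back as $null; the cast turns it into ''.
        $nisDomain = [string]$User.msSFU30NisDomain
        # Assumption: a populated uidNumber means the account is meant for UNIX use.
        $hasUid = $null -ne $User.uidNumber

        $status = if (-not [string]::IsNullOrWhiteSpace($nisDomain)) {
            'Ready'
        } elseif ($hasUid) {
            # Has UNIX attributes but no NIS domain: the precondition is not met.
            'MissingNisDomain'
        } else {
            'NotUnixEnabled'
        }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            UidNumber      = $User.uidNumber
            NisDomain      = $nisDomain
            Status         = $status
        }
    }
}

# Constructed sample accounts (not real directory data) so the example runs offline.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; uidNumber = 10001; msSFU30NisDomain = 'corp' }
    [pscustomobject]@{ SamAccountName = 'bob';   uidNumber = 10002; msSFU30NisDomain = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; uidNumber = $null; msSFU30NisDomain = $null }
)
$sample | Test-PasswordSyncReadiness | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module), list only the gaps:
# Get-ADUser -Filter * -Properties uidNumber, msSFU30NisDomain |
#     Test-PasswordSyncReadiness |
#     Where-Object Status -eq 'MissingNisDomain'
```

Accounts reported as `MissingNisDomain` are the ones to review, since they carry UNIX attributes without the NIS domain value the precondition requires.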