AD/AM Unsecured Passwords
Have you ever needed to bulk load AD/AM with a bunch of LDIF users for testing or conversion purposes, but been frustrated by its inability to allow password changes over an unsecured port?
Well this is can be easily remedied using the dsmgmt tool that is installed with AD/AM. The tool is located in c:\WINDOWS\ADAM. Here is an example of making the change to an AD/AM instance:
dsmgmt: ds behavior
ds behavior: Connections
server connections: connect to server localhost:389
Binding to localhost:389 ...
Connected to localhost:389 using credentials of locally logged on user.
server connections: quit
ds behavior: Allow passwd op on unsecured connection
Successfully modified DS Behavior to reset password over unsecured network.
Now entries can be added to the directory with clear text passwords. The setting can be just as easily reversed after the changes are made.
NOTE: making this change will not permit the COREid identity system to change passwords in AD/AM over an unsecured port. I am not sure why, but something in the application prevents it even though the AD/AM instance is configured to allow it.