- Difference between userPassword and unicodePWD
- Posted by MattW on February 23rd, 2004
Wanted to know what the differences were between userPassword and unicodePWD in Windows 2003 and ADAM schema?
1. What are the reasons for choosing one over the other to store a user's password?
2. Which one makes more sense for an ADAM implementation?
3. Can the same code be used for setting passwords in both attributes?
4. Do they use the same encryption scheme? Is one more secure over the other?
5. If you set one, does the other one get automatically populated? (I am assuming not)
6. Is there any literature/documentation comparing the uses of both?
Thanks for any info you can share on these attributes.
matt
- Posted by Chriss3 on February 23rd, 2004
Have you seen Platform SDK: Active Directory Schema?
http://msdn.microsoft.com/library/de...unicodepwd.asp
--
Regards,
Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was helpful, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
"MattW" <anonymous@discussions.microsoft.com> wrote in message
news:4A58C021-502F-4D30-A438-844EBF0AD117@microsoft.com...
- Posted by Chriss3 on February 23rd, 2004
I know. In fact, I have never used ADAM myself. When you are 17 years old, school takes
up all the time :-(
However, wait for the ADAM guys =)
--
Regards,
Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was helpful, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
"MattW" <anonymous@discussions.microsoft.com> wrote in message
news:E958B761-311A-4DDF-B841-B0723E5E2E03@microsoft.com...
- Posted by Dmitri Gavrilov [MSFT] on February 23rd, 2004
It's a bit complicated.
unicodePwd is the "real password attribute", in both AD and ADAM. That's
what is used for user binds. It has very specific formatting requirements.
Whenever you set a value, it must be a unicode string enclosed in double
quotes.
userPassword is "switchable". It can be turned into a regular attribute, or
it can be turned into a write-alias for unicodePwd. AD by default has it as
a regular attribute. ADAM by default has it as a unicodePwd alias. This is
controlled by the 9th char of dsHeuristics. 0 is the default (different in
AD w2k3 and ADAM). 1 means "userPassword is write-alias for unicodePwd", 2
means "userPassword is a regular attribute".
When userPassword is a write-alias for unicodePwd, it is written as a
regular value, no unicode, no double-quotes. However, passwords can never be
read.
When userPassword is a regular attribute, you can read and write it, but you
cannot bind with it.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"MattW" <anonymous@discussions.microsoft.com> wrote in message
news:4A58C021-502F-4D30-A438-844EBF0AD117@microsoft.com...
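The rules in the reply above, as an added example that is not part of the original thread and is not Microsoft's code: it works out how userPassword behaves from the 9th character of dsHeuristics and builds the value to write for each attribute. The function names are hypothetical; treating a missing 9th character as 0, taking "unicode" to mean UTF-16LE, and sending the alias value as UTF-8 are assumptions.

```python
# Added example; function names are hypothetical, sample values are constructed.

def user_password_mode(ds_heuristics, product):
    """Return 'write-alias' or 'regular' for userPassword.

    product is 'AD' or 'ADAM' and only matters when the 9th character of
    dsHeuristics is 0. Assumption: an unset or short value counts as 0.
    """
    ninth = ds_heuristics[8] if ds_heuristics and len(ds_heuristics) >= 9 else "0"
    if ninth == "1":
        return "write-alias"
    if ninth == "2":
        return "regular"
    if ninth == "0":
        # Defaults stated in the thread: AD regular attribute, ADAM alias.
        return {"AD": "regular", "ADAM": "write-alias"}[product]
    raise ValueError("unexpected 9th dsHeuristics character: %r" % ninth)


def encode_unicode_pwd(password):
    """unicodePwd value: the password in double quotes, as UTF-16LE bytes."""
    return ('"' + password + '"').encode("utf-16-le")


def password_write(password, attribute, ds_heuristics, product):
    """Return (attribute, value_bytes) that actually sets the bind password."""
    if attribute == "unicodePwd":
        return "unicodePwd", encode_unicode_pwd(password)
    if attribute != "userPassword":
        raise ValueError("not a password attribute: " + attribute)
    if user_password_mode(ds_heuristics, product) == "regular":
        # Writing here would store a readable value that cannot be used to bind.
        raise ValueError("userPassword is a regular attribute in this directory")
    # Alias mode: plain value, no quotes (UTF-8 encoding is an assumption).
    return "userPassword", password.encode("utf-8")


if __name__ == "__main__":
    print(password_write("S3cret!", "unicodePwd", None, "AD"))
    print(password_write("S3cret!", "userPassword", None, "ADAM"))
    print(user_password_mode("000000002", "ADAM"))
```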