I'm trying to add entries to an Active Directory using ldapadd. Here's my ldif file:
```ldif
dn: CN=John_Smith,CN=Users,DC=ad,DC=example,DC=net
objectClass: user
cn: John_Smith
# sn is the surname, givenName the first name
sn: Smith
givenName: John
displayName: John_Smith
sAMAccountName: jsmith
userPrincipalName: jsmith@example.net
```
I'm aware that if you attempt to modify/update or add a user password, Active Directory will require you to have an SSL connection to the server. However, this fails without me trying to update the user password. Here's the response:
```text
adding new entry "CN=John_Smith,CN=Users,DC=example,DC=net"
ldap_add: Server is unwilling to perform (53)
additional info: 00002035: LdapErr: DSID-0C090D64, comment: Operation not allowed through GC port, data 0, v2580
```
This Active Directory was deployed using the AWS Directory Service wizard.
Best Answer
Do not use the global catalogue port for user creation. If your server requires an SSL connection, use the ldaps port, which defaults to 636. Also, please ensure the new password complies with your password complexity policy and password history policy. The "unwilling to perform" error message is a common result of a conflict with the password policy.
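As an added illustration of the answer's point (this is example code, not part of the original question or answer), the POSIX shell helpers below inspect the LDAP URI handed to ldapadd and refuse the Global Catalog ports up front instead of letting the server answer with error 53. The GC ports are 3268 (plain LDAP) and 3269 (LDAPS); the domain-controller ports they map to are 389 and 636. The hostname dc1.ad.example.net and the bind DN are constructed values, and the add_user function assumes the ldap-utils ldapadd client is installed.

```shell
#!/bin/sh
# Added example: pre-flight check that an LDAP URI does not point at a
# Global Catalog port before running ldapadd. GC is read-only, so writes
# sent there fail with "Operation not allowed through GC port" (error 53).

ldap_port_of() {
  # Print the port in an ldap:// or ldaps:// URI; default 389 or 636.
  # (Hostnames and IPv4 only; bracketed IPv6 literals are not parsed.)
  uri="$1"
  hostport="${uri#*://}"        # strip scheme
  hostport="${hostport%%/*}"    # strip any path / base DN
  case "$hostport" in
    *:*) echo "${hostport##*:}" ;;
    *)   case "$uri" in ldaps://*) echo 636 ;; *) echo 389 ;; esac ;;
  esac
}

is_gc_uri() {
  # Return 0 (true) when the URI targets a Global Catalog port.
  port=$(ldap_port_of "$1")
  case "$port" in
    3268|3269) return 0 ;;
    *)         return 1 ;;
  esac
}

writable_uri() {
  # Rewrite a GC URI onto the matching writable domain-controller port:
  # 3268 -> ldap://host:389, 3269 -> ldaps://host:636. Others pass through.
  uri="$1"
  host="${uri#*://}"; host="${host%%/*}"; host="${host%%:*}"
  port=$(ldap_port_of "$uri")
  case "$port" in
    3268) echo "ldap://$host:389" ;;
    3269) echo "ldaps://$host:636" ;;
    *)    echo "$uri" ;;
  esac
}

add_user() {
  # Usage: add_user URI LDIF_FILE BIND_DN  (prompts for the bind password)
  uri="$1"; ldif="$2"; bind_dn="$3"
  if is_gc_uri "$uri"; then
    echo "refusing Global Catalog port; use $(writable_uri "$uri") instead" >&2
    return 2
  fi
  ldapadd -H "$uri" -D "$bind_dn" -W -f "$ldif"
}

# Example invocation with constructed values (commented out so the file can
# be sourced without contacting a directory):
# add_user ldaps://dc1.ad.example.net:636 user.ldif "CN=Administrator,CN=Users,DC=ad,DC=example,DC=net"
```

For a password-bearing LDIF the URI must be ldaps:// (or a StartTLS session) so that the unicodePwd write travels over TLS; the check above only guards the port choice, it does not validate the certificate chain, which ldapadd handles through ldap.conf's TLS_CACERT setting.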