I need to change the logonHours attribute in Active Directory over LDAP, eg. using ldapmodify. The attribute is of type byte string.
Is this possible?
Ldap – Modifying Active Directory logonHours attribute over LDAP
active-directoryldap
Related Topic
- LDAP – How to Figure Out LDAP Connection String
- Ldap – Active Directory 4003 (INSUFF_ACCESS_RIGHTS) – LDAP: error code 50 – 00002098: SecErr: DSID-03150A45
- LDAP – How to Add New Attribute to Existing User Objects
- Ldap – How to change an attribute value for all entries of ldap directory using ldapmodify command
- Powershell – instanceType attribute in Active Directory
- Ldap – Modify Active Directory attribute max length
Best Answer
Use base64 encoding of the binary string in your LDAP change. The
::specifies that the value is base64 encoded.So, here's the base64 encoded version of 21 bytes of
11111111, to allow login always:And here's
00000000, for never:And, say, 9 to 5 on Monday through Friday: