To modify this attribute, the client must have a 128-bit Secure Sockets Layer/Transport Layer Security(SSL/TLS) or SASL encrypted connection to the server. The High Encryption pack must be installed on both the client and the server. For additional information about enabling SSL/TLS encryption, click the following article number to view the article in the Microsoft Knowledge Base:
Note When you use a base-64 encoder, you must make sure that it supports Unicode, or you will create an incorrect password.
There are two ways to modify the unicodePwd attribute. The first is analogous to a typical user change-password operation. In this case, the modify request must contain both a delete operation and an add operation. The delete operation must contain the current password enclosed in quotation marks and be Base64 encoded as described in RFC 1521. The add operation must contain the new password enclosed in quotation marks and be Base64 encoded.
The second way to modify the attribute is analogous to an administrator resetting a password for a user. To do this, the client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be Base64 encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.
The following sample Ldif file (chPwd.ldif) changes a password to newPassword:
For additional information, see the following documents: