AD Attributes

Active Directory Attributes » Active Directory password attribute: User-Password

Active Directory password attribute: User-Password

This is a write-only attribute that stores a user’s password in UTF-8 format. It can be updated only by the Domain Admin or Account Owner. The userPassword attribute is used only if the domain functional level is less than Windows Server 2003.

CN User-Password
Ldap-Display-Name userPassword
Attribute-Id 2.5.4.35
System-Id-Guid bf967a6e-0de6-11d0-a285-00aa003049e2

For more details about this attribute, refer to this Microsoft document. To learn how to reset this attribute, check out this page.

Did you know that the default Active Directory password policy hasn’t changed much since it was introduced in the early 2000s? Passwords created using AD password policies are easily exploitable by hackers, and if you're using one, you are putting your organization at great risk.

ADSelfService Plus, an integrated Active Directory self-service password management, multi-factor authentication, and single sign-on solution, helps implement strong password complexity rules and multi-factor authentication (MFA) for endpoints, ensuring improved security against various password attacks.

  1. Custom password policy enforcer: Prevent users from setting weak and breached passwords for their accounts through an advanced password policy that bans dictionary words and keyboard sequences, and integrates with Have I Been Pwned?
  2. OU and group-based password policies: Create multiple password policies based on users’ privileges and assign them based on OUs and groups.
  3. Endpoint MFA: Add an extra layer of security to user accounts by enabling YubiKey, biometric, Google Authenticator, and other strong authentication methods for local and remote desktop logons to Windows, Linux, and Mac endpoints.
  4. Self-service password management: Allow users to reset passwords and unlock accounts on their own to reduce help desk tickets and improve employee productivity.

End all your password troubles today

Get Your Free Trial

Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.