Anyone know the technique to correctly encode a string value in the format required by the Active Directory unicodePwd attribute? In other languages, this is pretty simple but I am missing something when using PowerShell?
That attribute is supposed to be a one-way hash (OWF) of the password, usable by downlevel (NT) systems, meaning it isn’t a clear-text password. You’re able to generate the correct OWF hash?
If so, How do I encode Unicode character codes in a PowerShell string literal? - Stack Overflow may be helpful.
Well, not one-way, http://msdn.microsoft.com/en-ca/library/cc223248.aspx but none the less I am still unable to create a string that the DSA accepts:(
Thanks!
Hey Dave,
Problem was related to code elsewhere, so the process is (as expected) like other languages:
# Surround password in quotes (I needed a random password).
$pwdString = '"{0}"' -f [guid]::NewGuid()
# Obtain byte array from UTF-16LE encoded string.
$encoding = [System.Text.Encoding]::GetEncoding('utf-16')
[byte[]]$pwdBin = $encoding.GetBytes($pwdString)
$stringEncoded = [Convert]::ToBase64String($pwdBin)
That encoded value can be applied directly to the field.