
September 5, 2014 at 9:07 am

Anyone know the technique to correctly encode a string value in the format required by the Active Directory unicodePwd attribute? In other languages, this is pretty simple, but I am missing something when using PowerShell.

September 5, 2014 at 9:11 am

That attribute is supposed to be a one-way hash (OWF) of the password, usable by downlevel (NT) systems, meaning it isn't a clear-text password. You're able to generate the correct OWF hash?

If so, http://stackoverflow.com/questions/1056692/how-to-encode-unicode-character-codes-in-a-powershell-string-literal may be helpful.

September 5, 2014 at 9:53 am

Well, not one-way, http://msdn.microsoft.com/en-ca/library/cc223248.aspx, but nonetheless I am still unable to create a string that the DSA accepts :(

Thanks!

September 10, 2014 at 2:41 pm

Hey Dave,

Problem was related to code elsewhere, so the process is (as expected) like other languages:

# Surround password in quotes (I needed a random password).
$pwdString = '"{0}"' -f [guid]::NewGuid()

# Obtain byte array from UTF-16LE encoded string.
$encoding = [System.Text.Encoding]::GetEncoding('utf-16')
[byte[]]$pwdBin = $encoding.GetBytes($pwdString)

$stringEncoded = [Convert]::ToBase64String($pwdBin)

That encoded value can be applied directly to the field.
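
As an added example (not part of the original posts): the same quoting and UTF-16LE encoding wrapped in a function, with a byte-level sanity check and the Base64 value placed in an LDIF reset record. The function names and the distinguished name are hypothetical; the DC accepts a unicodePwd write only over an encrypted connection (SSL/TLS or SASL-layer encryption).

```powershell
# Added example: function names and the DN below are hypothetical.
function ConvertTo-UnicodePwd {
    param([Parameter(Mandatory)][string]$Password)
    # The value must be the password wrapped in double quotes,
    # encoded as UTF-16LE. GetBytes() emits no byte-order mark.
    $quoted = '"{0}"' -f $Password
    return ,[System.Text.Encoding]::Unicode.GetBytes($quoted)
}

function New-PasswordResetLdif {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Password
    )
    [byte[]]$bytes = ConvertTo-UnicodePwd -Password $Password
    $b64 = [Convert]::ToBase64String($bytes)
    # In LDIF, "::" marks a Base64 value. A single "replace" is an
    # administrative reset; a user-initiated change is instead a
    # "delete" of the old value plus an "add" of the new one.
    @(
        "dn: $DistinguishedName"
        'changetype: modify'
        'replace: unicodePwd'
        "unicodePwd:: $b64"
        '-'
    ) -join "`r`n"
}

# Constructed sample input.
$dn          = 'CN=Test User,OU=Staff,DC=example,DC=com'
$newPassword = [guid]::NewGuid().ToString()

[byte[]]$bytes = ConvertTo-UnicodePwd -Password $newPassword

# Sanity checks that catch the usual encoding mistakes:
# two bytes per UTF-16 code unit, plus the two surrounding quotes...
if ($bytes.Length -ne 2 * ($newPassword.Length + 2)) {
    throw 'Unexpected length: value is not quoted UTF-16.'
}
# ...and little-endian order, so the opening quote is 0x22 0x00.
if ($bytes[0] -ne 0x22 -or $bytes[1] -ne 0x00) {
    throw 'Missing leading quote or wrong byte order (BOM / big-endian).'
}

New-PasswordResetLdif -DistinguishedName $dn -Password $newPassword
```

The Base64 form is what an LDIF file carries; when calling an LDAP API directly, pass the byte array from `ConvertTo-UnicodePwd` as the attribute value instead.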