Set Active Directory Password in Delphi using LDAP

This article explains how to programmatically change an Active Directory user password using LDAP in Delphi or C++Builder. It focuses on the required data formatting, specifically how to encode the password correctly so that Active Directory accepts the update.

Active Directory enforces strict requirements when updating a user password through LDAP. The password must be assigned to the unicodePwd attribute, which expects the value in a specific binary format rather than a plain string.

There are two key requirements:

• The password must be enclosed in double quotes.
• It must be encoded as a UTF-16 (Unicode) byte sequence.

In Delphi/C++Builder, this means converting a UnicodeString into a RawByteString and assigning it to the binary attribute property AttrValueB. Using the standard string-based property will not work because it does not preserve the required byte representation.

The following example shows how to construct and send the password update using the IPWorks LDAP component:

ipWLDAP1->AttrCount = 1;
ipWLDAP1->AttrType[0] = "unicodePwd";
UnicodeString uStr = L"\"Mynewpassword1\"";
ipWLDAP1->AttrValueB[0] = RawByteString((char*)uStr.data(), uStr.Length()*2);
ipWLDAP1->AttrModOp[0] = (TipWLDAPSAttrModOps)amoReplace;
ipWLDAP1->Modify();

Note: That when converting a Unicode password to a RawByteString the AttrValuB property should be used.