PROBLEM

In a recent case, we were attempting to create Active Directory User Accounts.  The Active Directory User object would be created, but disabled.  Attempting to enable the account in Active Directory prompts us with a message pertaining to the password not being set.

We are setting the password on new objects via UnicodePwd.  This is a static value.  So we are concerned as to what the problem actually is here.

CAUSE

A review of a network trace indicated an error with KPASSWD call that failed.

KDC_ERR_S_PRINCIPAL_UNKNOWN  (Service Principal Unknown)

RESOLUTION

In this case, we discovered that one of the Windows Server 2008 Domain Controllers was not at Service Pack 1.  We upgraded that domain controller to Service Pack 1 and then tested the export and all is well.

SEE ALSO