AD requires SSL/TLS by default to modify the unicodePwd attribute. This is probably the source of a lot of
confusion when trying to create/modify a user and sending a password across. The default error from LDAP is
not very helpful. This at least makes it clear what the problem is. However, it is possible for someone to disable
the requirement for AD to require SSL/TLS for password modifications. But I cannot imagine that being a common
change.