Password sync issue between eDir and AD

We have IDM 4.5.2 syncing users between eDir and AD, and have password sync through that driver. If we have the user pwd expiring from eDir and the user logs into GroupWise, they are prompted to change their password and that password change syncs. On the other hand, if we have the password expired in AD and the user is prompted from their Windows workstation to change their password, that does not sync. If the password in AD is not set to expire but the user changes their password on their workstation, it syncs as it is supposed to.
What seems to be the problem is when the user is forced to change their password by AD. On a user object in iManager if I check their password status under those circumstances, it will display the following:

"Not Synchronized. Check password connection validation. Bind failed because of one or more of the following errors. The user's password must be changed before logging on the first time. Invalid Credentials"

Is this something to be expected? I do not have GroupWise accounts for all users so I cannot fall back to having eDir be the only place where their password would expire - I have to have AD do it.

Any feedback would be appreciated.