We have a customer who would like to implement SSPR against AD, but they do not want to extend the schema.
Based on the documentation, it looks like LDAP schema extension is only needed for storing challenge-response information:
But looking at the schema file, there are attributes that could mean schema extension is also needed for other stuff, like pwmEventLog, pwmLastPwdUpdate, pwmGUID and pwmData.
Since the customer will use a remote database for challenge-response storage, is LDAP schema extension still needed? Will SSPR work without it?