Anonymous_User Absent Member.

pwdlastset attribute gets disabled after AD account creation


Hi,
We use IDM to provision new AD accounts and we set the pwdlastset
attribute value to "0" to prompt users to change their passwords after
first login. The problem is that the attribute gets set to "0" and
disabled again afterwards. We have password synchronization enabled
between AD and IDM. I went through the logs to check what might be
causing this but to no avail :(.


--
bzanin
------------------------------------------------------------------------
bzanin's Profile: https://forums.netiq.com/member.php?userid=9162
View this thread: https://forums.netiq.com/showthread.php?t=53502

Knowledge Partner

Re: pwdlastset attribute gets disabled after AD account creation

This is likely a better question for the engine/drivers forum; please
include a level three trace of the events including the create and
everything following. My guess is that your create event is sending a
password, so even though you send pwdLastSet as 0, the password change
from eDir right after that undoes this when the password synchronizes.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Knowledge Partner

Re: pwdlastset attribute gets disabled after AD account creation

bzanin <bzanin@no-mx.forums.microfocus.com> wrote:
> Hi,
> We use IDM to provision new AD accounts and we set the pwdlastset
> attribute value to "0" to prompt users to change their passwords after
> first login. The problem is that the attribute gets set to "0" and
> disabled again afterwards. We have password synchronization enabled
> between AD and IDM. I went through the logs to check what might be
> causing this but to no avail :(.
>


Password last set can't be set during add.
You need to set it "after" or trigger it based on add-association.

Also if the user is inactive in AD afterwards, that is likely because there
is no password set on the user in AD.

Post a level 3 trace if you are still experiencing issues.

--
If you find this post helpful and are logged into the web interface, show
your appreciation and click on the star below...
Alex McHugh - Knowledge Partner - Stavanger, Norway
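The outcomes discussed in the replies above (pwdLastSet re-stamped after the create, or the account left disabled) can be told apart from the account's attributes once provisioning has finished. The following is an added example, not part of the original thread or of any IDM driver: it audits constructed sample entries with hypothetical account names, using the documented Active Directory meaning of pwdLastSet and userAccountControl.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits (documented Active Directory flag values)
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_EXPIRE_PASSWD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """Convert an AD FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def audit_account(entry):
    """Return findings for one provisioned account; empty list means the
    user will be forced to change the password at next logon.

    entry holds attribute values as the strings an LDAP search returns.
    """
    pwd_last_set = int(entry.get("pwdLastSet", "0"))
    uac = int(entry["userAccountControl"])
    findings = []
    if uac & UF_ACCOUNTDISABLE:
        findings.append("account is disabled")
    if pwd_last_set != 0:
        # A non-zero value means something stamped the password after the 0 was written.
        when = filetime_to_utc(pwd_last_set)
        findings.append(f"no forced change: pwdLastSet stamped {when:%Y-%m-%d %H:%M:%S} UTC")
    elif uac & UF_DONT_EXPIRE_PASSWD:
        findings.append("no forced change: password never expires overrides pwdLastSet=0")
    return findings


def audit_all(entries):
    return {e["sAMAccountName"]: audit_account(e) for e in entries}


# Constructed sample entries (hypothetical accounts, not taken from the thread)
SAMPLE = [
    {"sAMAccountName": "jdoe", "pwdLastSet": "0", "userAccountControl": "512"},
    # pwdLastSet overwritten with a timestamp, e.g. by a later password sync
    {"sAMAccountName": "asmith", "pwdLastSet": "132223104000000000", "userAccountControl": "512"},
    {"sAMAccountName": "bnopw", "pwdLastSet": "0", "userAccountControl": "514"},
    {"sAMAccountName": "svc-print", "pwdLastSet": "0", "userAccountControl": "66048"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or ["ok: must change password at next logon"])
```

Running the same check a few minutes after the create event shows whether a later write replaced the 0, which is the point at which a level 3 trace is worth collecting.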