I am looking at ADAM to store bindable users for authentication. I am seeing some unexpected behavior when it comes to the various attributes that ADAM is using instead of userAccountControl. I would expect that setting pwdLastSet to 0 would cause msds-UserPasswordExpired to become TRUE. Attempting to bind with a user with pwdLastSet = 0 does indeed fail. Yet looking at the attributes in ADSIEDIT or LDP shows msds-UserPasswordExpired to still be false.
Is that as expected? Is the logic to check both attributes to determine if a pwd is expired? Or just check pwdLastSet and ignore the msds-UserPasswordExpired attribute? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
