The only thing that comes to mind as to why this might be the case is that your useraccountcontrol value is incorrect for what you're trying to do. In order for the user to be required to reset their password, UF_DONT_EXPIRE_PASSWD must not be set as well as I understand it. Can you check the user account control and make sure that the user object is not configured to never expire the password?
If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon
On 1/30/06, Mr Oteece <[EMAIL PROTECTED]> wrote:
I am using ADAM R2. I am setting the password and pwdLastSet
attributes via the ADAM ADSI Edit program. msDS-UserPasswordExpired
does become TRUE if you backdate the password (to backdate the
pwdLastSet, I set the system time back a year, set the pwd, then
return it to current time). It just doesn't become TRUE if pwdLastSet
is 0.
On 1/30/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> Just so we're on the same page, which version of ADAM are you testing this
> against? Also, what are you using to set and test the test conditions?
>
> Al
>
>
> On 1/27/06, Mr Oteece <[EMAIL PROTECTED]> wrote:
> >
> > I am looking at ADAM to store bindable users for authentication. I am
> > seeing some unexpected behavior when it comes to the various
> > attributes that ADAM is using instead of userAccountControl. I would
> > expect that setting pwdLastSet to 0 would cause
> > msds-UserPasswordExpired to become TRUE. Attempting to bind with a
> > user with pwdLastSet = 0 does indeed fail. Yet looking at the
> > attributes in ADSIEDIT or LDP shows msds-UserPasswordExpired to still
> > be false.
> >
> > Is that as expected? Is the logic to check both attributes to
> > determine if a pwd is expired? Or just check pwdLastSet and ignore the
> > msds-UserPasswordExpired attribute?
> > List info : http://www.activedir.org/List.aspx34
> > List FAQ : http://www.activedir.org/ListFAQ.aspx 35
> > List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/36
> >
>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
