Aint that the truth.  Well Shawn just ran out to make a beer and cig
run.  You ought to stop by and we can have a little tailgate party in
the parking lot.

Matt Stovall
Charleston Forge 
251 Industrial Park Drive 
Boone, NC 28607 
(828) 264-0100 ext. 159
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, January 31, 2006 1:17 PM
To: [email protected]
Subject: Re: [ActiveDir] ADAM msds-UserPasswordExpired

The only thing that comes to mind as to why this might be the case is
that your useraccountcontrol value is incorrect for what you're trying
to do.  In order for the user to be required to reset their password,
UF_DONT_EXPIRE_PASSWD must not be set as well as I understand it.  Can
you check the user account control and make sure that the user object is
not configured to never expire the password?  
 
 
If this value is set to 0 and the User-Account-Control
<http://windowssdk.msdn.microsoft.com/library/en-us/adschema/adschema/a_
useraccountcontrol.asp>  attribute does not contain the
UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the
next logon 

 
On 1/30/06, Mr Oteece <[EMAIL PROTECTED]> wrote: 

        I am using ADAM R2. I am setting the password and pwdLastSet
        attributes via the ADAM ADSI Edit program.
msDS-UserPasswordExpired 
        does become TRUE if you backdate the password (to backdate the
        pwdLastSet, I set the system time back a year, set the pwd, then
        return it to current time). It just doesn't become TRUE if
pwdLastSet
        is 0.
        
        
        
        On 1/30/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
        > Just so we're on the same page, which version of ADAM are you
testing this
        > against?  Also, what are you using to set and test the test
conditions? 
        >
        > Al
        >
        >
        > On 1/27/06, Mr Oteece <[EMAIL PROTECTED]> wrote:
        > >
        > > I am looking at ADAM to store bindable users for
authentication. I am 
        > > seeing some unexpected behavior when it comes to the various
        > > attributes that ADAM is using instead of userAccountControl.
I would
        > > expect that setting pwdLastSet to 0 would cause
        > > msds-UserPasswordExpired to become TRUE. Attempting to bind
with a
        > > user with pwdLastSet = 0 does indeed fail. Yet looking at
the
        > > attributes in ADSIEDIT or LDP shows msds-UserPasswordExpired
to still 
        > > be false.
        > >
        > > Is that as expected? Is the logic to check both attributes
to
        > > determine if a pwd is expired? Or just check pwdLastSet and
ignore the
        > > msds-UserPasswordExpired attribute? 
        > > List info   : http://www.activedir.org/List.aspx34
        > > List FAQ    : http://www.activedir.org/ListFAQ.aspx 35
        > > List archive:
        > http://www.mail-archive.com/activedir%40mail.activedir.org/36
        > >
        >
        >
        List info   : http://www.activedir.org/List.aspx
        List FAQ    : http://www.activedir.org/ListFAQ.aspx
        List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
<http://www.mail-archive.com/activedir%40mail.activedir.org/> 
        




This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. E-mail transmission cannot be guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses. The sender therefore 
does not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. If verification is 
required please request a hard-copy version.  

Charleston Forge, 251 Industrial Park Drive, Boone, NC 28607 
http://www.charlestonforge.com


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to