Aint that the truth. Well Shawn just ran out to make a beer and cig run. You ought to stop by and we can have a little tailgate party in the parking lot.
Matt Stovall Charleston Forge 251 Industrial Park Drive Boone, NC 28607 (828) 264-0100 ext. 159 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Tuesday, January 31, 2006 1:17 PM To: [email protected] Subject: Re: [ActiveDir] ADAM msds-UserPasswordExpired The only thing that comes to mind as to why this might be the case is that your useraccountcontrol value is incorrect for what you're trying to do. In order for the user to be required to reset their password, UF_DONT_EXPIRE_PASSWD must not be set as well as I understand it. Can you check the user account control and make sure that the user object is not configured to never expire the password? If this value is set to 0 and the User-Account-Control <http://windowssdk.msdn.microsoft.com/library/en-us/adschema/adschema/a_ useraccountcontrol.asp> attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon On 1/30/06, Mr Oteece <[EMAIL PROTECTED]> wrote: I am using ADAM R2. I am setting the password and pwdLastSet attributes via the ADAM ADSI Edit program. msDS-UserPasswordExpired does become TRUE if you backdate the password (to backdate the pwdLastSet, I set the system time back a year, set the pwd, then return it to current time). It just doesn't become TRUE if pwdLastSet is 0. On 1/30/06, Al Mulnick <[EMAIL PROTECTED]> wrote: > Just so we're on the same page, which version of ADAM are you testing this > against? Also, what are you using to set and test the test conditions? > > Al > > > On 1/27/06, Mr Oteece <[EMAIL PROTECTED]> wrote: > > > > I am looking at ADAM to store bindable users for authentication. I am > > seeing some unexpected behavior when it comes to the various > > attributes that ADAM is using instead of userAccountControl. I would > > expect that setting pwdLastSet to 0 would cause > > msds-UserPasswordExpired to become TRUE. Attempting to bind with a > > user with pwdLastSet = 0 does indeed fail. Yet looking at the > > attributes in ADSIEDIT or LDP shows msds-UserPasswordExpired to still > > be false. > > > > Is that as expected? Is the logic to check both attributes to > > determine if a pwd is expired? Or just check pwdLastSet and ignore the > > msds-UserPasswordExpired attribute? > > List info : http://www.activedir.org/List.aspx34 > > List FAQ : http://www.activedir.org/ListFAQ.aspx 35 > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/36 > > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ <http://www.mail-archive.com/activedir%40mail.activedir.org/> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Charleston Forge, 251 Industrial Park Drive, Boone, NC 28607 http://www.charlestonforge.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
