"User must change password at next logon" Flag Turns Off Automatically Using Both Active Directory User Management (ADUM) 11.1.1.6 Connector and Active Directory (AD) Password Synchronization 9.1.1.5 Connector
(Doc ID 2024584.1)
Last updated on AUGUST 30, 2023
Applies to:
Identity Manager Connector - Version 11.1.1.6.0 and later
Information in this document applies to any platform.
Goal
In an environment that uses both the Microsoft ADUM connector 11.1.1.6 and the Microsoft AD Password Synchronization 9.1.1.5 connector, the "User must change password at next logon" flag in Active Directory (AD) is automatically turned off when a Windows administrator resets an account's password from the AD side.
It happens though the "Enforce password history" policy of MS Windows.
Flow:
1. Reset an account's password from the AD console.
2. The AD Password Sync module detects the reset and sends the password to the OIM side.
3. Oracle Identity Manager (OIM) receives that password and updates "USR_PASSWORD" and "UD_ADUSER_PASSWORD".
4. The task (Change User Password or Password Updated) is then invoked and the password is provisioned to the AD side.
5. The unicodePwd attribute is updated with the same string as the value in step 1. At this point the "User must change password at next logon" flag is turned off.
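The flow above can be confirmed from account change records. The following is an added example, not part of the Oracle document or the connector code: it reports accounts where the flag (stored in AD as pwdLastSet = 0) was set and a unicodePwd write by the connector's service account followed within a short window. The record layout, the `svc_oim` account name and the 5-minute window are assumptions, and the timeline is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Change:
    """One attribute write on an AD account (field names are hypothetical)."""
    when: datetime
    account: str
    actor: str       # security principal that performed the write
    attribute: str   # "unicodePwd" or "pwdLastSet"
    value: str = ""  # raw pwdLastSet value; password values are never recorded

def find_cleared_flags(changes, connector_account, window=timedelta(minutes=5)):
    """Return (account, flag_set_at, cleared_at) for every must-change flag
    that a password write by the connector account cleared within `window`."""
    pending = {}  # account -> time pwdLastSet was set to 0 (flag turned on)
    hits = []
    for c in sorted(changes, key=lambda c: c.when):
        if c.attribute == "pwdLastSet" and c.value == "0":
            pending[c.account] = c.when
        elif c.attribute == "unicodePwd" and c.account in pending:
            # Any unicodePwd write makes AD stamp pwdLastSet, clearing the flag.
            set_at = pending.pop(c.account)
            if c.actor == connector_account and c.when - set_at <= window:
                hits.append((c.account, set_at, c.when))
    return hits

def at(hhmmss):
    """Timestamp on an arbitrary constructed date."""
    return datetime.fromisoformat("2024-01-15T" + hhmmss)

# Constructed sample timeline, not real audit data.
SAMPLE = [
    # alice: admin reset with the flag, then the connector writes the password back.
    Change(at("10:00:00"), "alice", "admin1", "unicodePwd"),
    Change(at("10:00:01"), "alice", "admin1", "pwdLastSet", "0"),
    Change(at("10:00:40"), "alice", "svc_oim", "unicodePwd"),
    # bob: admin reset with the flag, then bob changes the password himself.
    Change(at("11:00:00"), "bob", "admin1", "unicodePwd"),
    Change(at("11:00:01"), "bob", "admin1", "pwdLastSet", "0"),
    Change(at("11:30:00"), "bob", "bob", "unicodePwd"),
]

if __name__ == "__main__":
    for account, set_at, cleared_at in find_cleared_flags(SAMPLE, "svc_oim"):
        print(f"{account}: flag set {set_at:%H:%M:%S}, cleared by connector {cleared_at:%H:%M:%S}")
```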
Solution
To view full details, sign in with your My Oracle Support account.