"User must change password at next logon" flag turns off automatically when using both the AD Connector and the AD Password Synchronization module
Last updated on SEPTEMBER 26, 2016
Applies to: Identity Manager Connector - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
In an environment that uses both the Microsoft Active Directory User Management connector 11.1.1 (AD CP) and Microsoft Active Directory Password Synchronization 9.1.1 (AD Password Sync module), the "User must change password at next logon" flag in Active Directory (AD) turns off automatically when a Windows administrator resets an account's password from the AD side.
This happens even though the "Enforce password history" policy of MS Windows is in use.
1. Reset an account's password from the AD console.
2. The AD Password Sync module detects the change and sends the password to the OIM side.
3. OIM receives that password and updates USR_PASSWORD and UD_ADUSER_PASSWORD.
4. The task (Change User Password or Password Updated) is then invoked and the password is provisioned to the AD side.
5. The unicodePwd attribute is updated with the same string as the value set in step 1. At this point the "User must change password at next logon" flag turns off.
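The sequence in steps 1 to 5 can be spotted in domain controller logs as an administrator reset that the connector's account repeats shortly afterwards on the same user. The following is an added example, not code from Oracle or from the original article. It assumes both writes are logged as Windows Security event 4724 (password reset attempt), and the account names, the five-minute window and the sample events are all constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the article): (time, event_id, actor, target).
# Assumption: the administrator's reset and the connector's write-back of
# unicodePwd are both logged as Security event 4724 (password reset attempt).
SAMPLE_EVENTS = [
    ("2016-09-26T10:00:00", 4724, "CORP\\helpdesk1", "jdoe"),
    ("2016-09-26T10:00:40", 4724, "CORP\\svc_oim", "jdoe"),      # echo from OIM
    ("2016-09-26T11:15:00", 4724, "CORP\\helpdesk2", "asmith"),  # no echo
    ("2016-09-26T12:00:00", 4724, "CORP\\svc_oim", "bwong"),     # OIM-initiated
    ("2016-09-26T12:30:00", 4724, "CORP\\helpdesk1", "bwong"),
    ("2016-09-26T13:30:00", 4724, "CORP\\svc_oim", "bwong"),     # outside window
]

CONNECTOR_ACCOUNT = "CORP\\svc_oim"   # hypothetical connector service account
WINDOW = timedelta(minutes=5)          # assumed maximum sync round-trip time


def find_echo_resets(events, connector=CONNECTOR_ACCOUNT, window=WINDOW):
    """Return (target, admin, admin_time, echo_time) for each admin reset that
    the connector account repeats on the same target within `window`."""
    parsed = sorted(
        (datetime.fromisoformat(ts), actor, target)
        for ts, event_id, actor, target in events
        if event_id == 4724
    )
    pending = {}   # target -> (admin, time) of the latest non-connector reset
    findings = []
    for when, actor, target in parsed:
        if actor.lower() != connector.lower():
            pending[target] = (actor, when)
            continue
        # Connector write: pair it with a preceding admin reset, if any.
        admin_reset = pending.pop(target, None)
        if admin_reset and when - admin_reset[1] <= window:
            findings.append((target, admin_reset[0], admin_reset[1], when))
    return findings


if __name__ == "__main__":
    for target, admin, t_admin, t_echo in find_echo_resets(SAMPLE_EVENTS):
        print(f"{target}: reset by {admin} at {t_admin}, repeated by the "
              f"connector at {t_echo}; verify the must-change flag")
```

Accounts it reports are candidates for checking pwdLastSet, which AD holds at 0 while "User must change password at next logon" is set.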