"User must change password at next logon" flag turns off automatically using both AD Connector and AD Password Synchronization module (Doc ID 2024584.1)

Last updated on SEPTEMBER 26, 2016

Applies to:

Identity Manager Connector - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

In an environment that uses both the Microsoft Active Directory User Management connector 11.1.1 (AD CP) and Microsoft Active Directory Password Synchronization 9.1.1 (AD Password Sync module), the "User must change password at next logon" flag in Active Directory (AD) is turned off automatically when a Windows administrator resets an account's password from the AD side.
This happens even though the "Enforce password history" policy of MS Windows is in use.
Flow:
1. Reset an account's password from the AD console.
2. The AD Password Sync module detects the reset and sends the password to the OIM side.
3. OIM receives that password and updates USR_PASSWORD and UD_ADUSER_PASSWORD.
4. The task (Change User Password or Password Updated) is then invoked and the password is provisioned to the AD side.
5. The unicodePwd attribute is updated with the same string as the value set in step 1. At this point the "User must change password at next logon" flag turns off.
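
One way to spot this loop from the domain controller side is sketched below. It is an added example, not Oracle's or the connector's own code. It looks for an administrator's password reset that is followed within a short window by a second reset of the same account from the connector's service account. It assumes user account management auditing is enabled so that resets are logged as Windows Security event 4724. The record layout, the account name CORP\svc_oim and the 60-second window are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs): simplified Security event 4724
# entries ("An attempt was made to reset an account's password").
SAMPLE_EVENTS = [
    {"time": "2016-09-26T10:00:00", "event_id": 4724,
     "subject": "CORP\\admin1", "target": "jdoe"},
    {"time": "2016-09-26T10:00:07", "event_id": 4724,
     "subject": "CORP\\svc_oim", "target": "jdoe"},      # echo from the connector
    {"time": "2016-09-26T11:30:00", "event_id": 4724,
     "subject": "CORP\\admin1", "target": "asmith"},     # no echo seen
    {"time": "2016-09-26T12:00:00", "event_id": 4724,
     "subject": "CORP\\svc_oim", "target": "bwong"},     # OIM-initiated, no prior reset
]


def find_echo_resets(events, connector_account, window=timedelta(seconds=60)):
    """Return (target, admin, delay_seconds) for every administrator reset that
    the connector account repeated on the same target within `window`."""
    last_admin_reset = {}  # target -> (time, subject) of latest non-connector reset
    hits = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4724:
            continue
        when = datetime.fromisoformat(ev["time"])
        if ev["subject"].lower() != connector_account.lower():
            # Step 1 of the flow: a reset performed directly against AD.
            last_admin_reset[ev["target"]] = (when, ev["subject"])
            continue
        # Steps 4-5 of the flow: the connector provisions a password to AD.
        prev = last_admin_reset.pop(ev["target"], None)
        if prev is not None and when - prev[0] <= window:
            delay = int((when - prev[0]).total_seconds())
            hits.append((ev["target"], prev[1], delay))
    return hits


if __name__ == "__main__":
    for target, admin, delay in find_echo_resets(SAMPLE_EVENTS, "CORP\\svc_oim"):
        print(f"{target}: reset by {admin} echoed by connector after {delay}s")
```

Accounts reported by this check are the ones whose "User must change password at next logon" flag should be re-verified after the reset.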
 

Solution
