
"User must change password at next logon" flag turns off automatically using both AD Connector and AD Password Synchronization module (Doc ID 2024584.1)

Last updated on JULY 19, 2021

Applies to:

Identity Manager Connector - Version and later
Information in this document applies to any platform.


In an environment that uses both the Microsoft Active Directory User Management connector 11.1.1.x and Microsoft Active Directory Password Synchronization 9.1.1 (AD Password Sync module), the "User must change password at next logon" flag in Active Directory (AD) is turned off automatically when a Windows administrator resets an account's password from the AD side.
This happens even though the "Enforce password history" policy of MS Windows is in use.
1. Reset an account's password from the AD console.
2. The AD Password Sync module detects the reset and sends the password to the OIM side.
3. OIM receives that password and updates USR_PASSWORD and UD_ADUSER_PASSWORD.
4. The task (Change User Password or Password Updated) is then invoked and the password is provisioned to the AD side.
5. unicodePwd is updated with the same string that was set in step 1. At this point the "User must change password at next logon" flag turns off.
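A way to check for this behaviour from the AD side, as an added example that is not part of the Oracle article: AD represents "User must change password at next logon" as `pwdLastSet = 0`, and a later password write such as the one in step 5 stamps `pwdLastSet` with the current time. The account names, timestamps and the 10-minute window below are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def must_change_at_next_logon(pwd_last_set):
    # The flag is shown as set when pwdLastSet is 0.
    return pwd_last_set == 0

def find_cleared_flags(resets, snapshot, window=timedelta(minutes=10)):
    """Return (account, stamped_at) for accounts whose flag was cleared
    shortly after an administrator reset that had the flag ticked.

    resets:   list of (sAMAccountName, reset_time) taken from change records
    snapshot: dict sAMAccountName -> raw pwdLastSet read after the reset
    A user who legitimately changes the password inside the window would
    also match, so treat findings as leads to confirm, not as proof.
    """
    findings = []
    for account, reset_time in resets:
        raw = snapshot.get(account)
        if raw is None or must_change_at_next_logon(raw):
            continue  # account missing from snapshot, or flag still set
        stamped = filetime_to_datetime(raw)
        if reset_time <= stamped <= reset_time + window:
            findings.append((account, stamped))
    return findings

# Constructed sample data (not from the article).
T0 = datetime(2024, 1, 15, 9, 0, 0, tzinfo=timezone.utc)
RESETS = [("jdoe", T0), ("asmith", T0), ("bwong", T0)]
SNAPSHOT = {
    "jdoe": datetime_to_filetime(T0 + timedelta(seconds=42)),  # rewritten 42 s later
    "asmith": 0,                                               # flag still set
    "bwong": datetime_to_filetime(T0 + timedelta(days=2)),     # changed much later
}

if __name__ == "__main__":
    for account, stamped in find_cleared_flags(RESETS, SNAPSHOT):
        print(f"{account}: flag cleared, pwdLastSet stamped {stamped.isoformat()}")
```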

