Friday, July 29, 2011

How to prevent password expiration for newly created Active Directory users

QUESTION:
When we create a new Active Directory user and browse to it using the "Active 
Directory Users and Computers" console, we can see that the "User Must Change 
Password at Next Logon" is checked (this option is found under the "Account" tab).

How do we setup the resource adapter so that this doesn't happen.
ANSWER:
The way to set expirePassword is to set password.accounts[RESOURCENAME].expire:

  <FieldLoop for='name' in='password.accounts[*].name'>
    <Field>
      <Field name='password.accounts[$(name)].selected'>
        <Expansion>
          <s>true</s>
        </Expansion>
      </Field>
      <Field name='password.accounts[$(name)].expire'>
        <Expansion>
          <s>false</s>
        </Expansion>
      </Field>
    </Field>
  </FieldLoop>

If you know the resource name then you don't need to put it through the loop.
Posted by Identity Solutions at 1:40 AM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)