This discussion is archived
2 Replies Latest reply: Nov 9, 2012 3:13 AM by 811701 RSS

how to set 'User cannot change password' in Active Directory

811701 Newbie
Currently Being Moderated
Hi,

Does anyone know how to set 'User cannot change password' in AD from IDM? Apparently you cannot use 'userAccountControl' for this setting.

(IDM 8.1.1.x with Exchange Connector)
  • 1. Re: how to set 'User cannot change password' in Active Directory
    917206 Newbie
    Currently Being Moderated
    The only way I was able to accomplish this, on a previous implementation, was using a create after resource action. This would execute a script to set the required security parameters involved on AD. I don't have the code or I would share it. Please try the following as relevant resources.

    http://docs.oracle.com/cd/E19225-01/821-0092/bzbuc/index.html

    http://www.ozzu.com/mswindows-forum/creating-new-users-active-directory-vbscript-t47491.html
  • 2. Re: how to set 'User cannot change password' in Active Directory
    811701 Newbie
    Currently Being Moderated
    We have a simular requirement: password changes only via IDM.

    I'd rather not use after create or after update actions with the Exchange Connector (I heard it's buggy) so I wonder if it is possible to set "User cannot change password" with a policy in Active Directory on some ou's.

    Does anyone know how to do that?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points