2 Replies Latest reply: Nov 9, 2012 5:13 AM by 811701 RSS

    how to set 'User cannot change password' in Active Directory

    811701
      Hi,

      Does anyone know how to set 'User cannot change password' in AD from IDM? Apparently you cannot use 'userAccountControl' for this setting.

      (IDM 8.1.1.x with Exchange Connector)
        • 1. Re: how to set 'User cannot change password' in Active Directory
          kamiliam
          The only way I was able to accomplish this, on a previous implementation, was using a create after resource action. This would execute a script to set the required security parameters involved on AD. I don't have the code or I would share it. Please try the following as relevant resources.

          http://docs.oracle.com/cd/E19225-01/821-0092/bzbuc/index.html

          http://www.ozzu.com/mswindows-forum/creating-new-users-active-directory-vbscript-t47491.html
          • 2. Re: how to set 'User cannot change password' in Active Directory
            811701
            We have a simular requirement: password changes only via IDM.

            I'd rather not use after create or after update actions with the Exchange Connector (I heard it's buggy) so I wonder if it is possible to set "User cannot change password" with a policy in Active Directory on some ou's.

            Does anyone know how to do that?