AnsweredAssumed Answered

PASSWD_CANT_CHANGE AD attribute

Question asked by Ricardo Enrique Perez Andrade

on Oct 5, 2016
Latest reply on Aug 21, 2019 by Abhinav Singh

Like • Show 1 Like1
Comment • 3

Hi,

We are provisioning accounts in AD using the AFX native connector. We are able to create the accounts with no issues, but the customer wants to set the "User cannot change password" option on these accounts. We tried the solution mentioned in this post 000032426 - How to update the LDAP Active Directory Connector UserAccountConrol attribute for use with RSA Via Lifecycle and Governance (L&G) 6.9.1 P08 , which mentions that userAccountControl must have the value "64", but this approach is not working for these accounts.

Can someone have tried a different approach for this?

Thanks,

Ricardo Pérez

Steven Papaleo Oct 5, 2016 9:12 PM

Correct Answer

Hi Ricardo,

When you set the value for "userAccountControl" in your provisioning node you need to use the Property Flag value and not the Value in Decimal. So in your case you need to put the value as "PASSWD_CANT_CHANGE" instead of "64" as you are currently doing.

See the reply in context

3 people also had this question

Outcomes

Steven Papaleo Oct 5, 2016 9:12 PM

Hi Ricardo,

Actions

Ricardo Enrique Perez Andrade

@ Steven Papaleo on Oct 6, 2016 9:16 AM

Hi Steven,

Thanks for your post, we actually tried sending that parameter and the hexadecimal value also but non of those two options worked. I saw a Microsoft´s post that says there is not possible to set this configuration manipulating userAccountControl attribute https://support.microsoft.com/en-us/kb/305144.

Thanks,

Regards.

Actions

Abhinav Singh Aug 21, 2019 12:12 PM

Hello guys,

We also have the same issue we are unable to set this option for AD Account "User cannot change password" from AFX AD connector.

Can you please provide the UAC(User Account control) value for this option.

we want to set the below status for functional account.

Normal Account,Don't_Expire_Password,User_can't change password

Actions

3 Replies

Steven Papaleo Oct 5, 2016 9:12 PM
Unmark Correct
Correct Answer
Hi Ricardo,

When you set the value for "userAccountControl" in your provisioning node you need to use the Property Flag value and not the Value in Decimal. So in your case you need to put the value as "PASSWD_CANT_CHANGE" instead of "64" as you are currently doing.
Like • Show 0 Likes0
Actions
- Ricardo Enrique Perez Andrade @ Steven Papaleo on Oct 6, 2016 9:16 AM
  Mark Correct
  Correct Answer
  Hi Steven,
  Thanks for your post, we actually tried sending that parameter and the hexadecimal value also but non of those two options worked. I saw a Microsoft´s post that says there is not possible to set this configuration manipulating userAccountControl attribute https://support.microsoft.com/en-us/kb/305144.
  
  Thanks,
  Regards.
  Like • Show 0 Likes0
  Actions
Abhinav Singh Aug 21, 2019 12:12 PM
Mark Correct
Correct Answer
Hello guys,
We also have the same issue we are unable to set this option for AD Account "User cannot change password" from AFX AD connector.

Can you please provide the UAC(User Account control) value for this option.

we want to set the below status for functional account.

Normal Account,Don't_Expire_Password,User_can't change password
Like • Show 0 Likes0
Actions