<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/20/2015 05:28 AM, Mihai Carabas
wrote:<br>
</div>
<blockquote
cite="mid:CANg1yUvWfagVZjQjLgD-NUyh6CqwKGYFYhMh+668eN6_6EL+yg@mail.gmail.com"
type="cite">
<div dir="ltr">Hello,
<div><br>
</div>
<div>We've setup an 389 Directory Server on a Fedora21 and
configured synchronization with an Active Directory (running
on an Windows2012R2 Datacenter). We've managed to synchronize
all the accounts from the 389DS to AD (about 44000). All the
accounts have the "user must change password at next logon" in
the AD, even if the users change their passwords on the 389DS,
The password gets to the AD, but the flag for "user must
change password at next logon" still remains active (basically
forces the user to change their password on the Active
Directory). Is there any workaround for this?</div>
</div>
</blockquote>
<br>
389 winsync does not sync password policy related attributes. You
will need to handle this offline, using scripts.<br>
<br>
<blockquote
cite="mid:CANg1yUvWfagVZjQjLgD-NUyh6CqwKGYFYhMh+668eN6_6EL+yg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>The attribute passwordMustChange in the 389DS is set to
Off.</div>
<div><br>
</div>
<div>Thank you,</div>
<div>Mihai Carabas</div>
<div>University POLITEHNICA of Bucharest</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>