Re: useraccountcontrol not set when passwd expires
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 22 Aug 2005 13:29:27 -0500
AD uses the pwdLastSet to determine the password expiration, not that flag
in userAccountControl. The technique the external application is using will
not work.
Password expiration is determined by comparing the date the password was
last set (pwdLastSet) with the domain password max age policy (maxPwdAge)
and the current time.
Joe K.
"kj" <df@xxxxxxxxx> wrote in message
news:OebuGL0pFHA.3004@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
> We have an external application that uses LDAP to query
> "useraccountcontrol" values to determine the state of a users password.
>
> The problem we are seeing is that when a users password expires the
> "useraccountcontrol" varible does not get updated in AD to reflect this
> change
>
> So for normal account the value is 512 (decimal) and if passwd is expired
> it
> should be 8388608 but is stays at 512.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q305144
>
> Checked MS web site but could not find anything there.
>
> Any help would be appreciated.
>
> Thanks in advance.
>
> --kp
>
>
.
- References:
- Prev by Date: Re: Secure LDAP
- Next by Date: Re: ADAM Authentication in ASP.NET
- Previous by thread: useraccountcontrol not set when passwd expires
- Next by thread: Re: useraccountcontrol not set when passwd expires
- Index(es):
Relevant Pages
|
