Is it Possible to Sync Password Expiration Time from eDirectory to Active Directory

  • 7000895
  • 09-Jul-2008
  • 26-Apr-2012

Environment

Novell Identity Manager - Password Synchronization
Novell Identity Manager 3.5.1
Novell Identity Manager Driver - Active Directory

Situation

Is it Possible to Sync Password Expiration Time from eDirectory to Active Directory?

Resolution

No. There is no way to do it. Unlike eDirectory, a user's password expiration date is not an attribute of a user's profile in Active Directory. When a user logs in, the pwdLastSet attribute (from the user on the domain) and the maxPwdAge attribute (from the domain) are added together, and the result is compared to the current time. If the current time is greater than the sum of those two attributes, the user is locked out of the system.
 
Because of this different way of handling password expirations, we cannot override the Active Directory setting.
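
The comparison described above, worked through on raw attribute values as an added example (not Novell or Microsoft code). It goes slightly beyond the text by also handling the userAccountControl "password never expires" flag, a pwdLastSet of 0, and a maxPwdAge that sets no maximum age. The function names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: password never expires
NO_MAX_AGE = -(2 ** 63)        # maxPwdAge value meaning "no maximum age"


def to_filetime(dt):
    """Convert an aware datetime to FILETIME ticks (helper for sample data)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def password_expiry(pwd_last_set, max_pwd_age, uac=0x200):
    """Return (state, expiry); state is 'never', 'must_change' or 'dated'."""
    if uac & DONT_EXPIRE_PASSWD:
        return "never", None
    if pwd_last_set == 0:               # "must change password at next logon"
        return "must_change", None
    if max_pwd_age in (0, NO_MAX_AGE):  # domain policy sets no maximum age
        return "never", None
    # maxPwdAge is stored as a negative interval, so subtracting it adds the age.
    ticks = pwd_last_set - max_pwd_age
    return "dated", FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def is_expired(pwd_last_set, max_pwd_age, now, uac=0x200):
    """Apply the logon-time comparison: current time greater than the sum."""
    state, expiry = password_expiry(pwd_last_set, max_pwd_age, uac)
    return state == "must_change" or (state == "dated" and now > expiry)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    changed = to_filetime(datetime(2024, 1, 1, tzinfo=timezone.utc))
    max_age = -42 * 86400 * 10_000_000   # 42-day domain policy
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    print(password_expiry(changed, max_age), is_expired(changed, max_age, now))
```

Because the expiry is derived at evaluation time from a per-user value and a domain-wide value, there is no single user attribute on the Active Directory side that a driver could write an eDirectory expiration time into.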