Using SSPR to force user to change password at next logon

  • 7016290
  • 10-Mar-2015
  • 10-Mar-2015


Self Service Password Reset
SSPR 3.2
AD Environment
Active Directory as LDAP directory


How to force a user to change their password at next logon after an SSPR Helpdesk user has reset the password.
Using SSPR to set the 'user must change password at next logon' flag.
The user can't change the password through SSPR after it was reset through the Helpdesk module.


Configure SSPR to set the "pwdLastSet" LDAP attribute in Active Directory to "0" when the password is reset through the SSPR Helpdesk module. AD treats a value of "0" in the "pwdLastSet" attribute the same as setting the 'user must change password at next logon' flag.


In SSPR Config Manager --> Modules --> Helpdesk --> Post Set Password Actions (Advanced)
Click "Add Value" and assign a name and description
Select "ldap" from the drop-down list
Click "options" and add the attribute name and value
  Attribute name:   pwdLastSet
  Attribute value:  0
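
To confirm that the post-action took effect after a Helpdesk reset, read "pwdLastSet" back from the directory. The following is an added example, not part of the original article or of SSPR: it classifies entries from a constructed LDIF sample (the DNs and values are made up). It goes beyond the case in the article by also flagging accounts with the "password never expires" bit in "userAccountControl", for which AD does not expire the password even when "pwdLastSet" is 0.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: LDIF from an LDAP search (DNs and values are made up).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
pwdLastSet: 0
userAccountControl: 512

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
pwdLastSet: 130704192000000000
userAccountControl: 512

dn: CN=Svc Example,OU=Staff,DC=example,DC=test
pwdLastSet: 0
userAccountControl: 66048
"""

DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit: password never expires
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into one dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key] = value
        entries.append(entry)
    return entries

def password_state(entry):
    """Classify an entry by what pwdLastSet means for the next logon."""
    pwd_last_set = int(entry["pwdLastSet"])
    uac = int(entry["userAccountControl"])
    if pwd_last_set != 0:
        # Non-zero values are 100 ns ticks since 1601-01-01 UTC.
        when = FILETIME_EPOCH + timedelta(microseconds=pwd_last_set // 10)
        return "no change required, password set " + when.strftime("%Y-%m-%d")
    if uac & DONT_EXPIRE_PASSWD:
        return "pwdLastSet is 0 but password never expires is set"
    return "must change password at next logon"

def report(ldif_text):
    return {e["dn"]: password_state(e) for e in parse_ldif(ldif_text)}

if __name__ == "__main__":
    for dn, state in report(SAMPLE_LDIF).items():
        print(dn, "->", state)
```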

Additional Information

The "Helpdesk Actor Actions (Advanced)" setting (also in Modules --> Helpdesk) can also be used to change this attribute.