An error is returned when trying to expire a password via the ADSI Provider, however the LDAP provid (NETIQKB22664)

  • 7722664
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.0

fact
Directory and Resource Administrator 7.5

symptom
An error is returned when trying to expire a password via the ADSI Provider, however the LDAP provider works without error.

symptom
Error: 'Error 800a01a8, object required: objuser.get(...)'.

cause
The Directory and Resource Administrator (DRA) server does not return pwdLastSet in the same format that Active Directory does. DRA returns the value as a VT_DATE instead of an IADsLargeInteger.

fix

Through OnePoint, this works the same way that Microsoft recommends and uses in MSDN:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/user_must_change_password_at_next_logon.asp

User Must Change Password at Next Logon

To enable this option, set the pwdLastSet attribute to zero (0). To clear this flag, set the attribute to -1.

Example Code [Visual Basic]


' Bind to the user object
Set usr = GetObject("LDAP://CN=Jeff Smith, OU=Sales, DC=Acme, DC=Com")
' 0 forces a password change at next logon; SetInfo commits the change
usr.Put "pwdLastSet", CLng(0)
usr.SetInfo
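
The following is an added example, not code from the original article, NetIQ or Microsoft. It reads pwdLastSet whether the provider returns an IADsLargeInteger object or a VT_DATE (the DRA behaviour described under "cause"), so the script does not fail with error 800a01a8. The function name GetPwdLastSet is hypothetical.

```vbscript
Option Explicit

' Added example. GetPwdLastSet is a hypothetical helper name.
' Returns pwdLastSet as a Date, or Null when the value is 0 (user must
' change password at next logon) or the attribute cannot be read.
' The IADsLargeInteger branch yields UTC; the article does not state the
' time zone of the VT_DATE branch.
Function GetPwdLastSet(objUser)
    Dim isObj, val, li, hi, lo

    GetPwdLastSet = Null

    ' Probe the return type before using Set: "Set x = objUser.Get(...)"
    ' raises 800a01a8 (object required) when the value is not an object.
    On Error Resume Next
    isObj = IsObject(objUser.Get("pwdLastSet"))
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        Exit Function            ' attribute missing or not readable
    End If
    On Error GoTo 0

    If isObj Then
        ' IADsLargeInteger: 64-bit count of 100-ns ticks since 1601-01-01
        Set li = objUser.Get("pwdLastSet")
        hi = li.HighPart
        lo = li.LowPart
        If lo < 0 Then hi = hi + 1   ' LowPart is exposed as signed 32-bit
        If hi = 0 And lo = 0 Then Exit Function
        ' ticks -> minutes -> days, added to the FILETIME epoch
        GetPwdLastSet = #1/1/1601# + (((hi * 2 ^ 32) + lo) / 600000000) / 1440
    Else
        ' VT_DATE: already a Date, return it unchanged
        val = objUser.Get("pwdLastSet")
        If VarType(val) = vbDate Then GetPwdLastSet = val
    End If
End Function

' Usage, with the ADsPath from the article's example:
' Dim usr, dt
' Set usr = GetObject("LDAP://CN=Jeff Smith, OU=Sales, DC=Acme, DC=Com")
' dt = GetPwdLastSet(usr)
' If IsNull(dt) Then WScript.Echo "not set" Else WScript.Echo dt
```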



Additional Information

Formerly known as NETIQKB22664