AD User Attribute


Don

I have a mixed environment of eDirectory and AD. I'm in the process of
testing Identity Manager to handle synchronization of users / passwords,
etc... Currently password policies are handled by eDirectory and AD
user passwords are set to never expire. We want to keep it that way,
however the IDM driver leaves the password policy in AD at the default.

Does anyone know the name of the user attribute to turn on which will
"check" the password never expires box? I'm guessing that this is a
boolean attribute that I can tell the IDM driver to set to 1.

Thanks in advance
 
Don said:
I have a mixed environment of eDirectory and AD. I'm in the process of
testing Identity Manager to handle synchronization of users / passwords,
etc... Currently password policies are handled by eDirectory and AD user
passwords are set to never expire. We want to keep it that way, however
the IDM driver leaves the password policy in AD at the default.

Does anyone know the name of the user attribute to turn on which will
"check" the password never expires box? I'm guessing that this is a
boolean attribute that I can tell the IDM driver to set to 1.

The userAccountControl attribute has a bit that can be set for this.
However, this is just one of many bits in the attribute. In VBScript the bit
is set by OR'ing the value with the proper bit mask. For example:

' Bit mask for "Password never expires" (65536 decimal)
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Set objUser = GetObject("LDAP://cn=Jim User,ou=Sales,dc=MyDomain,dc=com")
' Read the current flags, OR in the bit, then write the result back
lngFlag = objUser.userAccountControl
lngFlag = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWD
objUser.userAccountControl = lngFlag
objUser.SetInfo

I don't know how you would get your driver to do this. You cannot just
assign a value to userAccountControl without messing up the other settings.
Note that &H10000 in hex is 65536 in decimal.
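
Added example, not part of the original thread or of any poster's code: a Python sketch of the read-modify-write described above, showing what is lost when 65536 is assigned outright, plus a check for enabled accounts that carry the bit. The function names and sample accounts are constructed for illustration; the masks are the documented userAccountControl values.

```python
# Subset of userAccountControl bit masks (documented Active Directory values).
UAC_FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "PASSWD_NOTREQD": 0x0020,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWD": 0x10000,  # 65536, the bit discussed in the thread
    "SMARTCARD_REQUIRED": 0x40000,
}
DONT_EXPIRE = UAC_FLAGS["DONT_EXPIRE_PASSWD"]

# LDAP filter using AD's bitwise-AND matching rule to list accounts with the bit set.
NEVER_EXPIRES_FILTER = (
    "(&(objectCategory=person)(objectClass=user)"
    "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
)

def decode(value):
    """Names of the known flags set in a raw userAccountControl integer."""
    return [name for name, mask in UAC_FLAGS.items() if value & mask]

def set_never_expires(current):
    """OR the bit into the value read from the directory; other bits survive."""
    return current | DONT_EXPIRE

def clear_never_expires(current):
    """AND with the inverted mask to remove only this bit."""
    return current & ~DONT_EXPIRE

def audit(accounts):
    """DNs of enabled accounts whose password never expires."""
    return [dn for dn, uac in accounts
            if uac & DONT_EXPIRE and not uac & UAC_FLAGS["ACCOUNTDISABLE"]]

# Constructed sample data: (distinguished name, userAccountControl).
SAMPLE = [
    ("cn=Jim User,ou=Sales,dc=MyDomain,dc=com", 512),        # normal, enabled
    ("cn=Svc Backup,ou=Service,dc=MyDomain,dc=com", 66048),  # 512 + 65536
    ("cn=Old Temp,ou=Sales,dc=MyDomain,dc=com", 66050),      # 514 + 65536, disabled
]

if __name__ == "__main__":
    for dn, uac in SAMPLE:
        new = set_never_expires(uac)
        print(f"{dn}: {uac} {decode(uac)} -> {new} {decode(new)}")
    # Assigning the mask alone drops NORMAL_ACCOUNT and every other setting.
    print("overwrite with 65536:", decode(65536))
    print("enabled, never expires:", audit(SAMPLE))
```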
 
Richard said:
The userAccountControl attribute has a bit that can be set for this.
However, this is just one of many bits in the attribute. In VBScript the bit
is set by OR'ing the value with the proper bit mask. For example:

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Set objUser = GetObject("LDAP://cn=Jim User,ou=Sales,dc=MyDomain,dc=com")
lngFlag = objUser.userAccountControl
lngFlag = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWD
objUser.userAccountControl = lngFlag
objUser.SetInfo

I don't know how you would get your driver to do this. You cannot just
assign a value to userAccountControl without messing up the other settings.
Note that &H10000 in hex is 65536 in decimal.

Interesting! IDM uses a dirxml driver so it doesn't sound like this is
an option although I may do some further research on it.

Thanks for your insight...
 