I have a problem going on.
I am trying to set erForceChangePassword attribute to true on AD password change operation.
Every time I try to set some value to it, ITIM returns an error message stating password cannot be set.
Any suggestion as to how to solve it or what could have gone wrong ??
This topic has been locked.
7 replies Latest Post - 2013-02-07T18:53:13Z by SystemAdmin
Pinned topic Managing force change password attribute in AD Account through ITIM
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-02-07T18:53:13Z at 2013-02-07T18:53:13Z by SystemAdmin
Re: Managing force change password attribute in AD Account through ITIM2012-06-24T11:19:48Z in response to BalajiVuppuluriPlease take a look here : http://www.catb.org/~esr/faqs/smart-questions.html
You really need to show what you are doing also - not only your goal - remember that we do not know anything about setup unless you tell us....
Are you doing this in the workflows or in provisioning policy or just an account modify ?
What is the output from the logs ?
Try to as specific as possible - it makes it much more likely you will get a good answer soon.
Re: Managing force change password attribute in AD Account through ITIM2012-06-25T11:22:41Z in response to SystemAdminHi Franz,
logs are all green,
I initially had an error message stating password does not comply the rules,
I was setting erADForceChangepassword attribute to false.
I changed the code and tried to put it as -1.
I dont have any errors, but the the values are not being set.
I am doing this in the workflows.
Re: Managing force change password attribute in AD Account through ITIM2012-06-25T11:57:23Z in response to BalajiVuppuluriYou are still expecting to much mind reading :-) - but anyhow....
So based on the assumption that this is done in the entity change password operation you should set the erADForceChangepassword to "true" (if you want to force a password change after a password change in ITIM)
Take a look at this (rather old - but still good) document : http://www-01.ibm.com/support/docview.wss?uid=swg21191422&aid=1
The reason for the password failure you should be able to find in the AD Adapter log (and no - there is no such thing as "logs are all green" - either they report something or report nothing - and "logs" is very unspecific - you need to state the individual logs e.g. trace.log, WAS systemout.log etc. - the important log here is the AD Adapter log).
Re: Managing force change password attribute in AD Account through ITIM2012-06-25T14:45:59Z in response to SystemAdminThanks Franz for ducument,
My implimentation is almost same.
By green I meant there is nothing in logs.
everything shows as successfull (in ITIM trace).
at ITIM Account profile, forchangepassword is being even set top true but not being updated at AD platform.
in Adapter logs, I do not see any error either.
jmdennis 1100005CEY52 PostsACCEPTED ANSWER
Re: Managing force change password attribute in AD Account through ITIM2012-06-27T20:56:06Z in response to BalajiVuppuluriTry increasing the adapter logging to debug and ensure that the adapter is actually trying to set the value for erADForceChangepassword to true.