I don't see anything in the documentation or in the AD driver that
indicates that eDirectory synchronizes information about password
expiration with Active Directory. Is this true?


Situation:
-Primary vault for user information is eDirectory for our organization.
IDM 3.01 syncs accounts between AD and eDir
-user's computer belongs to AD domain, and never uses NetWare servers -
no Novell client
-password expires in eDirectory after 60 days.
-user's password in AD never expires since the expiration never syncs to
AD.


Do I need to set up my AD domain to expire passwords independently of eDir?



I know that setting up synchronization could be difficult because AD
prevents logins when the account expires (and starts prompting several
days in advance to change the password) while eDir starts into grace
logins after the password has expired.