I have the remote loader (addriver.dll) loaded on our Windows AD DC and can not use the dirxml-uACPasswordCantChage alias on an Window Account to set "user can not change password".

I have found the TID
http://support.novell.com/cgi-bin/se...i?10093700.htm
that basically states "User can not change password" can not be set via IDM / DirXML because it is not an attribute; rather a security permission (DACL). This KB article was referenced for details as to the reason why.
http://support.microsoft.com/default...b;en-us;305144

In the details of the KB article was another link this MSDN article that basically said you can just not through ldap calls.
http://msdn.microsoft.com/library/de...p_provider.asp

From my perspective, addriver.dll is compiled binary that should be able to do more than LDAP calls; especially when the remote loader is installed directly on the DC using native authentication. Surely I am missing something...or am I?

Thanks

Terry Stockner
Stockntl
@
jmu.
edu



__ Details _____________
<attr-def attr-name="dirxml-uACPasswordCantChange" multi-valued="false" naming="false" required="false" type="state" />

addriver.dll orginal date - Tuesday, July 20, 2004, 4:34:34 PM

DirXML 2.0.5.51
Active Directory
Driver name: Remote Driver
Driver module: com.novell.nds.dirxml.remote.driver.DriverShimImpl
Driver ID: AD
Driver version: 3.0.1

Windows 2003 Enterprise SP1