I have the remote loader (addriver.dll) loaded on our Windows AD DC and cannot use the dirxml-uACPasswordCantChange alias on a Windows account to set "user cannot change password".
I have found the TID that basically states "User cannot change password" cannot be set via IDM / DirXML because it is not an attribute; rather, it is a security permission (DACL). This KB article was referenced for details as to the reason why.
In the details of the KB article was another link to this MSDN article that basically said you can, just not through LDAP calls.
From my perspective, addriver.dll is a compiled binary that should be able to do more than LDAP calls, especially when the remote loader is installed directly on the DC using native authentication. Surely I am missing something... or am I?
__ Details _____________
<attr-def attr-name="dirxml-uACPasswordCantChange" multi-valued="false" naming="false" required="false" type="state" />
addriver.dll original date - Tuesday, July 20, 2004, 4:34:34 PM
Driver name: Remote Driver
Driver module: com.novell.nds.dirxml.remote.driver.DriverShimImpl
Driver ID: AD
Driver version: 3.0.1
Windows 2003 Enterprise SP1
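
To illustrate why the setting is a permission rather than an attribute, here is an added example (not part of the original post and not Novell or Microsoft code) that reads the SDDL text of a user object's DACL and reports whether the Change Password extended right is denied to Everyone and SELF. The sample descriptors are constructed, and treating "both trustees denied" as the checkbox being ticked is an assumption of this example.

```python
import re

# Schema GUID of the "Change Password" extended right (User-Change-Password).
CHANGE_PASSWORD_GUID = "ab721a53-1e2f-11d0-9819-00aa0040529b"
TRUSTEES = {"WD": "everyone", "S-1-1-0": "everyone", "PS": "self", "S-1-5-10": "self"}
CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS, written "CR" in SDDL

def dacl_aces(sddl):
    """Yield the first six fields of every ACE in the DACL (D:) part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    for body in re.findall(r"\(([^()]*)\)", m.group(1)) if m else []:
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[:6]

def has_control_access(rights):
    """True if the rights field covers extended rights (hex mask or 2-letter codes)."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & CONTROL_ACCESS)
    return "CR" in (rights[i:i + 2] for i in range(0, len(rights), 2))

def change_password_aces(sddl):
    """Return {'everyone': {...}, 'self': {...}} holding the 'OA'/'OD' ACE types found."""
    found = {"everyone": set(), "self": set()}
    for ace_type, _flags, rights, obj_guid, _inherit, trustee in dacl_aces(sddl):
        who = TRUSTEES.get(trustee.upper())
        if (who and ace_type in ("OA", "OD") and has_control_access(rights)
                and obj_guid.lower() == CHANGE_PASSWORD_GUID):
            found[who].add(ace_type)
    return found

def cannot_change_password(sddl):
    """Assumption of this example: the box counts as ticked when both trustees are denied."""
    found = change_password_aces(sddl)
    return "OD" in found["everyone"] and "OD" in found["self"]

# Constructed sample descriptors (not taken from a real directory).
GUID = CHANGE_PASSWORD_GUID
LOCKED = f"O:DAG:DAD:AI(OD;;CR;{GUID};;WD)(OD;;CR;{GUID};;PS)(A;;RPWPCR;;;DA)"
DEFAULT = f"O:DAG:DAD:AI(OA;;CR;{GUID};;WD)(OA;;CR;{GUID};;PS)(A;;RPWPCR;;;DA)"
HALF_SET = f"O:DAG:DAD:AI(OA;;CR;{GUID};;WD)(OD;;0x100;{GUID.upper()};;PS)"

if __name__ == "__main__":
    for name, sddl in (("LOCKED", LOCKED), ("DEFAULT", DEFAULT), ("HALF_SET", HALF_SET)):
        print(name, cannot_change_password(sddl), change_password_aces(sddl))
```

The `HALF_SET` case shows a descriptor where only one of the two deny ACEs is present, which `change_password_aces` exposes so a partially applied change can be spotted.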