All,

A quick uestion for the group/forum...This may be more of a UP centric
issue than an IM one, but it came up during my IM eDir to eDir dist pasword
sync implementation, so I'll post here.

I have UP setup and policies established in my eDir tree. All users are
currently not a member of any of the policies, but I am getting ready to
add them into said policies in the near future.

In testing the implementation of UP, I have noted that when I add a given
user to a policy, and that same user then logs in following the policy
addition, their password is immediately set to expired. Consequently, on
the second login following the policy add, they are then prompted to change
their password.

The question is this...Is this normal behavior when implementing UP
policies? I would have assumed that their current expiration date would
have been honored by the policy. Under this scenario, if I add several
thousand users to a given UP policy at once, in turn they will all be
experiencing expired passwords, and subsequently trying to change their
passwords over the course a single day or two. With the addition of
password complexity, I would hate to see too many call to the help desk.

Adding the users piecemeal is not an option, as we are in a current eDir to
eDir sync config for these same users, and I need to implement dist
passwords in IM and start blocking the NDS public/private key pair all at
the same time. So, you can see the need to implement all at once...

I did not select the IM/policy option to force a password change if the
current password does not match the new complexity rules, so that is not
the issue. Also, I checked this against both the productiont tree, and
several test trees, and the behaviour is always the same.

Any ideas? Known behavior? Bug? My own stupidity?

Thanks in advance!

David Reagan