I have a question concerning the IDM and Universal Password. We are
currently in the process of connection our eDir with Active Directory
through an eDir Identity Vault.

In our eDir are multiple (3) Universal Policies defined; all users are
UP enabled but some have no password configuration set (no password
expiration interval and expiration time configured) while others have a
full UP policy configured.

The Identity Vault is configured with 1 Universal Password policy; this
policy is enabled on the USERS container and the Logon security
container. This policy is the same as the full UP policy in the eDir.

Yesterday we migrated one of our eDir containers into the Identity
Vault, everything was OK at first but after some time and various
checks I found that some users were getting a password expiration time
configured at 01-01-1970 while they didn't had a password expiration
time set before the migration.

It's important that these users don't get a password expiration set,
otherwise they get problems connecting to other systems after they
reset their password.

How can I stop the system from setting the password expiration for
these users and is it OK to enable a configured UP policy on the USERS
container in the Identity Vault or does it have to be and unconfigured
policy with UP enabled?

Hope you can help, thanks in advance.

Greetz, Vern