I'm working to set up the email notification for password failures on an
AD driver and IDM 3.5.1.

Password changes are working. When I set my test user password to a value
that complies with the AD rules and my UP policy rules, the password
synchronizes.

When I set my test user password to a value that does not meet the
criteria of the AD domain, the password change will fail and the trace
will show that I set the password to an invalid value (Err=2245). But,
when this happens, no email is sent out.

I believe my SMTP settings are correct, and the GCV for this is TRUE.

I'm seeing that the rule "if-operation equal "status"" is showing FALSE in
my trace (below). Looking in the Policy Builder manual, I don't show
"status" as a possible value for If-Operation. Any ideas on why this is
FALSE, and how to get it to show TRUE?



Applying policy: %+C%14C'Email notifications for failed password
publications'%-C.
[01/29/08 13:10:18.314]:AD-QA-TEST ST: Applying to modify-password #1.
[01/29/08 13:10:18.314]:AD-QA-TEST ST: Evaluating selection criteria
for rule 'Send e-mail for a failed publish password operation'.
[01/29/08 13:10:18.315]:AD-QA-TEST ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
[01/29/08 13:10:18.315]:AD-QA-TEST ST: (if-operation equal "status")
= FALSE.
[01/29/08 13:10:18.316]:AD-QA-TEST ST: Rule rejected.
[01/29/08 13:10:18.316]:AD-QA-TEST ST:Policy returned: