I'm working on getting our NT4 domain sync'd with our ID Vault.
Users/Passwords seem to flow like I expect them to. But the one thing
that concerns me is the User Account Policy setup within the Domain.
For whatever reason, our domain has the default settings of expiring
users in 42 days. Our ID Vault is 90 days. At present, it's gonna take
an act of congress to get the domain changed from 42 days to 90 days.
So, the simplest solution that I could think of was to somehow set the
"Password Never Expires" flag on the user account and then let IDM take
care of the expirations. But, I can't find any obvious way to set that
After looking through the NT 4.0 driver documentation and googling for
an answer, I see a potential...just don't know how to put it together.
The "Flags" driver attribute maps to the "usri3_flags" attribute which
takes a data type of DWORD. According to MSDN under the NetUserSetInfo
function, it looks like this "usri3_flags" attribute can have a user
account control flag of UF_DONT_EXPIRE_PASSWD.
Any thoughts on a simple way to set the UF_DONT_EXPIRE_PASSWD flag when
creating a user account in the nt domain?