Hi, update on thread below, still can't get password expiry working
properly on first login.

Users are created in AD, some with a password, some without. I migrate
them into eDir and set the password using the rule below. When I log in
eDir accepts the password but does not expire it, so AD asks for a
password. I want eDir to expire the password so it syncs through on

If I set the UP manually it syncs through fine.

I have publish to NDS set to true.

Thanks in advance


<description>set user default password</description>
<comment xml:space="preserve">Sets a default password for the user if
none exists. If you have enabled password sync, the default password
will be replaced on the next password change operation. If the driver
shim has cached a password from a recent add event in Active Directory,
it will be published shortly after this command completes. Otherwise,
the default password will remain in effect until the password is changed
in either the Identity Vault or Active Directory.</comment>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-password disabled="true" op="not-available"/>
<if-op-attr name="Surname" op="available"/>
<token-text xml:space="preserve">**password**</token-text>
<description>Expire Password</description>
<if-class-name op="equal">User</if-class-name>
<do-set-dest-attr-value name="Password Expiration Time"
<token-text xml:space="preserve">NIU\Users\</token-text>
<token-op-attr name="CN"/>
<arg-value type="time">
<token-time format="!CTIME" tz="UTC"/>

ddnicholls's Profile: http://forums.novell.com/member.php?userid=4926
View this thread: http://forums.novell.com/showthread.php?t=350880