Hi, I'm setting the eDir password expiry using the rule below to expire
the UP.

Turns out when a non-NMAS client is used it expires the password, but
an NMAS client does not. I take it this means the NDS password is
expired but the UP is not. I'm assuming that David G's rule is working
fine but I have something wrong in the PW policy/GCV. I just want the PW
to expire on first login after a user is migrated from AD. Could someone
tell me how the following should be set for this?

Publish Password to NDS
Publish Password to Distribution
Sync NDS password when setting UP
Sync Dist password when setting UP
Do not expire the user's pw when the admin sets the pw



<description>set user default password</description>
<comment xml:space="preserve">Sets a default password for the user if
none exists. If you have enabled password sync, the default password
will be replaced on the next password change operation. If the driver
shim has cached a password from a recent add event in Active Directory,
it will be published shortly after this command completes. Otherwise,
the default password will remain in effect until the password is changed
in either the Identity Vault or Active Directory.</comment>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-password disabled="true" op="not-available"/>
<if-op-attr name="Surname" op="available"/>
<token-text xml:space="preserve">**password**</token-text>

<description>Expire Password</description>
<if-class-name op="equal">User</if-class-name>
<do-set-dest-attr-value name="Password Expiration Time" when="after">
  <token-text xml:space="preserve">NIU\Users\</token-text>
  <token-op-attr name="CN"/>
  <arg-value type="time">
    <token-time format="!CTIME" tz="UTC"/>
  </arg-value>
</do-set-dest-attr-value>

