There must be something I am missing because I know I had to do this
about 3yrs ago for a little while. On an edir-edir driver when an
account comes in the vault to be created with a special attribute, in
the create rule I have a policy that sets the passwordexpirationtime 10
days ahead AFTER the current operation. The account does have its
expiration pushed out 10days in the vault,,,however in the connected
edir system the password is expired--which I expect.

I modified the passexp policy in the CT on the other edir server to set
the passexp time 10days ahead--instead of grabbing the src attr. It is
still expired.

I know I have done this before---manually setting a passwordexp and
"syncing" it to the other edir tree---without putting passwordexp in the

What the heck am I missing?

jeff@linux1:~> glxgears
120308 frames in 5.0 seconds = 24061.553 FPS
jedijeff's Profile:
View this thread: