Two fold question, both related to IDM.
1) If you leave "Do not expire passwords after Admin password reset" as
unchecked, the expectation is, if I login as Admin and reset the
password, the expiry is set to 1992, and they must change password on
next login. Ok.
Does IDM setting a users password as a tree to tree, or AD to eDir sync
count as an Admin password reset?
2) In the Password Policy, you enable Require Unique passwords. But you
select NEITHER of the two sub options (store YY passwords, and it takes
XX days to expire each one. Or the much more sensible, store XX and
dump the oldest one when XX + 1 comes in.)
What happens? Unique forever? I did not think the snapins would allow
it, but it does, and I am looking at a site that has it set this way.