I was looking to help a client with syncing password expiration time,
eDir to AD. And I remembered my boss had done this before, and he talks
about it in the article
(I think the ellipsis at the end of the article gets escaped in a
funny fashion in the URL).

Anyway, reading his perspective, he is looking Pub channel. I.e. AD - >

The problem I am looking at is Sub channel, eDir -> AD.

But there is some memory that maybe you cannot set some of the values in
AD that need to be set?

Are we able to modify pwdLastSet in AD? (which was the one we can only
set to 0 to mean it needs to be changed on the next login?)

Or am I remembering something else?

If not, it is easy to write the rule for the Sub channel. (Rob did it
in IDM 3.01 without nested IF's, which makes the process bulky. Much
easier in 3.5.x and up!)

PS: Don't make me go back to 3.01 please! It is torture now! So many
cool features in 3.5x that I rely on every day!!!