We have set msDS-User-Account-Control-Computed to password expired when user password last set is more than 3 months automatically. But if user resets the password through java code I need to reset this attribute (not sure to which one). I tried changing the value to 0x00000000 but then it was throwing the below error
Malformed 'ms-DS-User-Account-Control-Computed' attribute value; nested exception is javax.naming.directory.InvalidAttributeValueException: Malformed 'ms-DS-User-Account-Control-Computed' attribute value; remaining name 'CN=1234,OU=Users……'
I have tried the below code but then it was throwing error when I run it.
Attribute attr = new BasicAttribute("userPassword", newPassword);
ModificationItem item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
Attribute userCtrlAttr = new BasicAttribute("ms-DS-User-Account-Control-Computed", 0x00000000);
ModificationItem userCtrlItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, userCtrlAttr);
ldapTemplate.modifyAttributes(dn, new ModificationItem[] {item,userCtrlItem});
When I create a new user the value for ms-DS-User-Account-Control-Computed is like 0x00000200 and it shows like msDS-User-Account-Control-Computed: [ ??? (0x200) ] in ADLDS. For password expired users it shows like msDS-User-Account-Control-Computed: [ PasswordExpired, ??? (0x200) ] with a value of 0x00800200. Any suggestions ?
User contributions licensed under CC BY-SA 3.0