Hello,
Does anyone know how to leverage the AD Plugin 2.0 to address setting the switches "Cannot Change Password" and "Password Never Expires" for a AD user account? I noticed the plugin has a method associated with the scriptable object for setChangePasswordAtNextLogon but not the two referenced above. Can it be done through the setAttribute method?
Thanks in Advance,
Mike
Hi zdog59,
It's a kind of tricky thing but it can be done.
First of all, you can set any Attribute of an AD user using "setAttribute".
If you want to change the email of a user, you do the following:
user.setAttribute("mail", strEmail);
(user represent an AD:User object in Orchestrator)
All the properties in the AD "Account Options" tab of the Active Directory are set in the property userAccountControl.
You need to find the right value for your needs. The following URL tells you the values for each option:
https://support.microsoft.com/en-us/kb/305144
To set Password Never Expires you need to add: NORMAL_ACCOUNT (512) + DONT_EXPIRE_PASSWORD (65536) = 66048
So, you need to do the following:
user.setAttribute("userAccountControl", 66048);
User Cannot Change Password is a complete different thing, it's not an attribute but a property of the object. This URL explains it how to change it by code in .NET:
https://msdn.microsoft.com/en-us/library/aa746398.aspx
Hope this helps you.
D.
Thanks D!
I'm gonna try that this afternoon, but sounds spot on!
Mike
Hi,
the User cannot change password seems sophisticated and I am not sure how to put this into a vRO script. Does anyone have an example code or ready workflow for it?
Anyone?
Thank you!! this helped.
Thank you!