Does anyone know how to leverage the AD Plugin 2.0 to address setting the switches "Cannot Change Password" and "Password Never Expires" for a AD user account? I noticed the plugin has a method associated with the scriptable object for setChangePasswordAtNextLogon but not the two referenced above. Can it be done through the setAttribute method?
Thanks in Advance,
It's a kind of tricky thing but it can be done.
First of all, you can set any Attribute of an AD user using "setAttribute".
If you want to change the email of a user, you do the following:
(user represent an AD:User object in Orchestrator)
All the properties in the AD "Account Options" tab of the Active Directory are set in the property userAccountControl.
You need to find the right value for your needs. The following URL tells you the values for each option:
To set Password Never Expires you need to add: NORMAL_ACCOUNT (512) + DONT_EXPIRE_PASSWORD (65536) = 66048
So, you need to do the following:
User Cannot Change Password is a complete different thing, it's not an attribute but a property of the object. This URL explains it how to change it by code in .NET:
Hope this helps you.