We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

How to uncheck AD Account checkbox for User must change password on next logon

Harish_Yara
New Contributor III
New Contributor III

Hi Team,

When an AD account is provisioned by Saviynt by default that AD account's check box is checked for the option User must change password on next logon

Is there anyway to uncheck this checkbox by default after AD account is provisioned by Saviynt? 

In AD Connector CREATEACCOUNTJSON pwdLastSet=-1 is used.

@rushikeshvartak 

Thanks,

Harish

 

4 REPLIES 4

sk
All-Star
All-Star

Share the createAccountJSON


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rushikeshvartak
All-Star
All-Star

https://forums.saviynt.com/t5/identity-governance/pwdlastset/m-p/22861


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak ,

When creating AD account for the first time User must change password on next logon option is not checked but when trigger Change Password task for that AD account from API call using changePassword API the check box is checked but we don't want to be checked after Change Password task is processed for that AD account is there anyway that we need to add/remove configs to make this work?

Thanks,

Harish

Hi @Harish_Yara 

Have you also tried passing the "pwdLastSet=-1" or "pwdReset ":" false"}," in the RESETANDCHANGEPASSWRDJSON?

{
"RESET": {
"initials": "X",
"telephoneNumber": "XXXXXXXXXX"
},
"CHANGE": {
"in
itials ":"
X ","
telephoneNumber ":"
XXXXXXXXXX "},"
CRITICALCONTROLDATA ":{"
AT
TRIBUTES ":{"
RESET ":{"
pwdReset ":" false "},"
CHANGE ":{}},"
CONTROLINITPARAMS ":{"
id ":"
X.X.XX.X.X.XX.XX ","
criticality ":true,"
value ":null}}}

External Ref: https://learn.microsoft.com/en-us/windows/win32/adsi/user-must-change-password-at-next-logon?source=...