I have many users created using CA IM with a password.When the users are provisioned in AD, the field UserAttributeControl is set to 544 (which means that the user has an optional password).I don't understand why? The user has a password in the userstore.
Can somebody help me understand why? How is it possible to fix it ?
If you continue to have problems with this, please open a support ticket with CA Support.
Support Delivery Manager
UserAccountControl value 544 means that the account is enabled but must to change password on next logon. How are you creating the AD Accounts? Is it via a Provisioning Role and Account Template? If so you should check the Account Template to see if you have it configured to setting the password must be changed on next logon. If further assistance is required I recommend opening a support case.
Thank you Kenyy for your reply.
The AD accounts are created using Provisioning and Account templates.
The user is created having the status "16777216" to push him change his password after his first logon.
However, even if the user is enabled now (After he has changed his password), the userAccountControl keeps the value 544.
Please look into your AD template if "user must change password at next logon" is selected. Are you setting AD account's userAccountControl in PX?