Change Password Next Logon operation

The Change Password Next Logon operation enables the user to change account password at the next logon session in Microsoft Active Directory. 

The following table describes the elements for the <items> XML element and adapter request for the Change Password Next Logon operation.

Input elements for the Change Password Next Logon operation

Element

Definition

Required

<adapter name>

Specifies the name of the adapter

Default name of the adapter is ActiveDirectory

No

<target>

Specifies the target for the request 

If this element is not present, the adapter uses the default target specified in its configuration.

No

<host>

Specifies the host name or IP address of the remote computer 

To specify a dynamic target, you must use this element.

 

<username>

Specifies the user name for remote host authentication 

To specify a dynamic target, you must use this element.

 

<password>

Specifies the password that corresponds to the user name

 

<commands>

Indicates the beginning of the <commands> element, which contains the individual <command> elements

 

<command>

Indicates the beginning of a <command> element, which contains the elements that specify the operation to execute and its parameters

 

<active-directory-command>

Specifies the operation to execute 

Default value: Set Must Change Password Next Logon

 

<object distinguished name>

Contains the distinguished name of the object

Yes

<parameters>

Contains the element list for the operation

Yes

<must-change-password>

Specifies whether to change the password for the user account

Valid values: Yes, No

Yes

The following figure shows a sample adapter request for the Change Password Next Logon operation.

Sample adapter request for the Change Password Next Logon operation

<request-data>
 <active-directory-request>
   <commands>
     <command>
       <active-directory-command>Set Must Change Password Next Logon</active-directory-command>
       <object-class>User</object-class>
       <object-distinguished-name>CN=Testuser,CN=Users,DC=qa02dc,DC=local</object-distinguished-name>
       <parameters>
         <must-change-password>****MASKED****</must-change-password>
       </parameters>
     </command>
   </commands>
 </active-directory-request> 

The following figure shows the adapter response for the Change Password Next Logon operation.

Adapter response for the Change Password Next Logon operation

<active-directory-response>
 <metadata>
   <status>success</status>
 </metadata>
 <target-output host="vw-pun-rba-qa02.bmc.com">
   <metadata>
     <os-id>Windows Server 2012</os-id>
     <os-version>6.2.9200</os-version>
     <status>success</status>
   </metadata>
   <commands-output>
     <command-output>
       <metadata>
         <command>dsmod user  "CN=Testuser,CN=Users,DC=qa02dc,DC=local" -mustchpwd "yes"</command>
         <line-count>5</line-count>
         <execution-milliseconds>22704</execution-milliseconds>
         <exit-code>0</exit-code>
         <status>success</status>
       </metadata>
       <output>
         <line index="1">Copyright 2010 BMC Software Ltd, Version: 1.5  </line>
         <line index="2">Connecting to remote service...</line>
         <line index="3">Connected to remote host.</line>
         <line index="4">dsmod succeeded:CN=Testuser,CN=Users,DC=qa02dc,DC=local</line>
         <line index="5">Remote application exited with code: 0 </line>
       </output>
     </command-output>
   </commands-output>
 </target-output>
</active-directory-response>

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*