Hi,
Since we're working in a complex environment with both OpenLDAP and AD, we're syncing both LDAPs' user passwords. This works very nicely, but recently we've decided to use a single point of entry of password changes (an internal web site). Under the hood, nothing changes and everything still works very well.
Since we're using the single point of entry, we want to prohibit users to change their passwords in Windows itself (using CTRL+ALT+DEL or other options). I've selected the option "User cannot change password" for all affected users, and it seemed to work fine during initial tests.
But now, I've tried resetting my password several times using the external tool, and suddenly, the checkbox was unchecked for "User cannot change password".
Is this option reset after the user password is changed directly through AD's LDAP once or several times? Any workaround to avoid this flag getting reset?
My explanation might be vague, just tell me if I need to clarify things a bit more.
