When a user's Active Directory (LDAP/TLS) PW is expired and GVC forces them to change it, they are allowed to use the same PW as their current one. Is this expected behavior?
Answers
Since this is not a local user on the firewall, rather an AD user account, you should review AD Password Policy.
AD GPO does not allow password reuse. It caches the last 10 PWs. The policy works fine for native Windows clients when they are forced to change their PW.
Hi @Dervari , make sure in the LDAP referrals settings you set as below, then it shouldn't cache the password
It's not a password caching issue. It's an issue when the user's AD password has expired and the GVC client forces them to change it. From Windows, they are not allowed to use the same PW. That has been tested and works. However, if they use their current password when prompted for a new PW by the GVC client, the password change goes through with no issues.
The LDAP Bind user is not a member of Domain Admins but is delegated for reset password and update password expiration. Without that attribute the Bind user was unable to make the password change in AD via LDAP.
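An added note and example, not part of the thread above. In Active Directory, password history and minimum age are enforced only on a password *change* (the user's old password is proven and `unicodePwd` is deleted and re-added in one modify). A password *reset* (a single replace of `unicodePwd` by an account holding the delegated "Reset password" right, as the bind user here does) is treated as an administrative reset and is not checked against history, which would produce exactly the behaviour described. The two paths are distinguishable in the Windows Security log: a change is event 4723, a reset is event 4724 with the delegated account as the subject. The script below, written for this page and not taken from the thread or from any vendor, parses constructed sample records in a key=value export form and flags accounts whose "self-service" change was actually performed as a reset by the bind account; the account name `svc-ldap-bind` and the record format are assumptions.

```python
"""Audit AD password updates: user change (4723) vs administrative reset (4724).

Added example for this thread. The bind account name and the key=value
log format are constructed assumptions, not values from the page.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Hypothetical LDAP bind/service account used by the VPN client integration.
BIND_ACCOUNT = "svc-ldap-bind"

# Constructed sample records, roughly as a SIEM might export Security events.
# 0x0 = success; 0xc000006c = STATUS_PASSWORD_RESTRICTION (policy violation,
# e.g. password history), which is what a rejected 4723 change reports.
SAMPLE_EVENTS = [
    "EventID=4723 SubjectUserName=jdoe TargetUserName=jdoe Status=0x0",
    "EventID=4724 SubjectUserName=svc-ldap-bind TargetUserName=jdoe Status=0x0",
    "EventID=4724 SubjectUserName=helpdesk1 TargetUserName=asmith Status=0x0",
    "EventID=4723 SubjectUserName=bwhite TargetUserName=bwhite Status=0xc000006c",
    "EventID=4624 SubjectUserName=svc-ldap-bind TargetUserName=jdoe Status=0x0",
]

CHANGE_EVENT = 4723  # user changed their own password; history/min-age enforced
RESET_EVENT = 4724   # password reset by another principal; history NOT enforced


@dataclass
class PasswordEvent:
    event_id: int
    subject: str   # who performed the operation
    target: str    # whose password was written
    status: str    # NTSTATUS code as hex string

    @property
    def is_reset(self) -> bool:
        return self.event_id == RESET_EVENT

    @property
    def succeeded(self) -> bool:
        return self.status.lower() == "0x0"


def parse_event(line: str) -> PasswordEvent:
    """Parse one key=value record into a PasswordEvent."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    return PasswordEvent(
        event_id=int(fields["EventID"]),
        subject=fields.get("SubjectUserName", ""),
        target=fields.get("TargetUserName", ""),
        status=fields.get("Status", "0x0"),
    )


def password_events(lines: Iterable[str]) -> List[PasswordEvent]:
    """Keep only the two password-write events; ignore unrelated IDs."""
    events = (parse_event(line) for line in lines)
    return [e for e in events if e.event_id in (CHANGE_EVENT, RESET_EVENT)]


def resets_by_bind_account(lines: Iterable[str],
                           bind_account: str = BIND_ACCOUNT) -> List[str]:
    """Targets whose password was written via the reset path by the bind account.

    These are the updates that bypassed password history, even though the
    end user experienced them as a forced 'change your password' prompt.
    """
    return sorted({
        e.target for e in password_events(lines)
        if e.is_reset and e.succeeded and e.subject.lower() == bind_account.lower()
    })


def rejected_changes(lines: Iterable[str]) -> List[str]:
    """Targets whose genuine change (4723) was rejected by policy, for contrast."""
    return sorted({
        e.target for e in password_events(lines)
        if not e.is_reset and not e.succeeded
    })


if __name__ == "__main__":
    for who in resets_by_bind_account(SAMPLE_EVENTS):
        print(f"{who}: password set by {BIND_ACCOUNT} via RESET (history not enforced)")
    for who in rejected_changes(SAMPLE_EVENTS):
        print(f"{who}: change rejected by password policy (expected behaviour)")
```

If the audit turns up 4724 events from the bind account for ordinary users, the integration is using the reset path. The remediation on the directory side is to have the client perform a true change (prove the old password, delete-and-add `unicodePwd` in one operation) rather than a delegated reset; alternatively, alerting on 4724 from the service account gives at least visibility of every history-bypassing update.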