User Guide

260 Chapter 6 Configuring authentication
320818-A
Managing Active Directory passwords using the CLI
You can set up a mechanism for clients to change their passwords when the
passwords expire.
1 Define a user group in the Local database for users whose passwords have
expired.
2 Create a linkset and link to a site where the user can change the password (see
“Configuring groups using the CLI” on page 198).
3 Map the linkset to the group (see “Mapping linksets to a group or profile using
the CLI” on page 206).
4 Set the Active Directory settings using the
/cfg/domain 1/aaa/auth #/ldap/activedire command.
To manage clients whose passwords have expired or who need to change their
passwords, use the following command:
/cfg/domain 1/aaa/auth #/ldap/activedire
The Active Directory Settings menu displays.
The Active Directory Settings menu includes the following options:

/cfg/domain 1/aaa/auth #/ldap/activedire
followed by:

enaexpired true|false
    Specifies whether the system will perform a password-expired check.
    true - the system performs a password-expired check against Active
    Directory when the client logs on
    false - the system does not perform a password-expired check against
    Active Directory when the client logs on

expiredgro <group>
    Specifies the group in which clients with expired passwords will be
    placed.
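
The guide does not describe how the gateway evaluates expiry. The following Python model is an added example, not code from the guide or the product: it shows how a password-expired decision can be derived from the standard Active Directory attributes pwdLastSet, userAccountControl and maxPwdAge, and how enaexpired and expiredgro would then steer group placement. The function names, the group name pwd-expired, the sample users and the assumption that an expired user lands only in the expired group are all hypothetical.

```python
from datetime import datetime, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl flag
NEVER = (0, -2**63)            # maxPwdAge values meaning "passwords never expire"

def to_filetime(dt):
    """datetime -> 100-nanosecond ticks since 1601-01-01 UTC."""
    d = dt - AD_EPOCH
    return (d.days * 86400 + d.seconds) * 10**7 + d.microseconds * 10

def password_expired(user, max_pwd_age, now):
    """user: dict with pwdLastSet and userAccountControl.
    max_pwd_age: the domain's maxPwdAge, stored by AD as a negative tick count."""
    if user["userAccountControl"] & DONT_EXPIRE_PASSWD:
        return False
    if user["pwdLastSet"] == 0:    # "must change password at next logon"
        return True
    if max_pwd_age in NEVER:
        return False
    return to_filetime(now) >= user["pwdLastSet"] + abs(max_pwd_age)

def groups_at_logon(user, max_pwd_age, now, enaexpired, expiredgro):
    """Assumed model: with enaexpired true, an expired user is placed only
    in expiredgro, so only the password-change linkset is reachable."""
    if enaexpired and password_expired(user, max_pwd_age, now):
        return [expiredgro]
    return list(user["groups"])

def _ft(y, m, d):
    return to_filetime(datetime(y, m, d, tzinfo=timezone.utc))

# Constructed sample data (not from the guide)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_PWD_AGE = -42 * 86400 * 10**7   # 42 days, as AD stores it
USERS = {
    "alice": {"pwdLastSet": _ft(2024, 1, 1), "userAccountControl": 0x200, "groups": ["staff"]},
    "bob":   {"pwdLastSet": _ft(2024, 5, 20), "userAccountControl": 0x200, "groups": ["staff"]},
    "carol": {"pwdLastSet": 0, "userAccountControl": 0x200, "groups": ["staff"]},
    "svc":   {"pwdLastSet": _ft(2020, 1, 1), "userAccountControl": 0x10200, "groups": ["services"]},
}

if __name__ == "__main__":
    for name, u in USERS.items():
        print(name, groups_at_logon(u, MAX_PWD_AGE, NOW, True, "pwd-expired"))
```

Accounts flagged DONT_EXPIRE_PASSWD never reach the expired group under this model, so service accounts with that flag are worth auditing separately.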