Hello Sandeep, One thing that could be done is to set the disabled_flag (part of the user attributes of the user directories) to 16777216 (change Password at next logon). You need to set correctly all user attributes of the user directories and to set correctly a password policy. Also do not forget that your authentication scheme should be compatible with password services. Please let us know how it goes in your test environment. Disabled_flag: 0 = Enabled (no problems) 1 = Admin disabled 2 = Locked because of wrong password 4 = Disabled due to inactivity 8 = Password expired 9 = Admin disabled and PW expired 16777216 = Must change PW at next login 16777217 = Account is disabled and user must change their PW Hope it helps, Julien.