We are using CA SSO 12.6 and facing an unusual problem. The user directory being used is Active Directory and Enhanced AD Integration is not enabled.
We have enabled Basic Password Services and applied policy on password age. We have noticed that when the policy server sets the user status as Force Change password in the SM user status field (as mapped in user directory config), the pwdLastSet value is also set to 0.
This causes problems to other applications which are directly dependent on reading the pwdLastSet value to manage some transactions.
Can anyone please help me understand if this behaviour is expected and whether I can stop this from happening.
Thank you,
Avi