<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Jussi,</p>
<p><br>
</p>
<p>this behavior could be caused by a policy on Azure AD that is
setting the flag for "must change password at next logon" in
UserAccountControl whenever the password is changed.</p>
<p><br>
</p>
<p>Best regards,</p>
<p>Marc</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Am 03.01.22 um 12:37 schrieb Jussi
Jokela via midPoint:<br>
</div>
<blockquote type="cite"
cite="mid:HE1PR10MB16413E646D63C9E18975916993499@HE1PR10MB1641.EURPRD10.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Hi everyone,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Anyone having some ideas for this? Currently a blocker for me.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Best regards,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Jussi Jokela<br>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b>
midPoint <a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a> on behalf
of Jussi Jokela via midPoint
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Sent:</b> Friday, December 31, 2021 11:32<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a><br>
<b>Cc:</b> Jussi Jokela <a class="moz-txt-link-rfc2396E" href="mailto:jussi.jokela@fiarone.com"><jussi.jokela@fiarone.com></a><br>
<b>Subject:</b> [midPoint] Changing user password in Azure AD
with Microsoft Graph API connector</font>
<div> </div>
</div>
<style type="text/css" style="display:none">p
{margin-top:0;
margin-bottom:0}</style>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Hi everyone,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
I'm having some difficulties with Azure AD and MS Graph API
connector (1.0.0.1-SNAPSHOT).</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
When I'm changing users password in midpoint, Azure still
wants that user to change password in next login to Azure
(password expired or first login error). I'm also mapping the
passwordProfile.forceChangePasswordNextSignIn = false, but
looks like this has no effect? Anyone else having same
problems?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Weird thing is, when I'm creating a new user in midpoint and
this user is also provisioned to Azure AD, this user can sign
in without forced password change.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Best regards,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
Jussi Jokela<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Marc Füller
Consultant
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email: <a class="moz-txt-link-abbreviated" href="mailto:marc.fueller@daasi.de">marc.fueller@daasi.de</a>
web: <a class="moz-txt-link-abbreviated" href="http://www.daasi.de">www.daasi.de</a>
Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz</pre>
</body>
</html>