Password Reset Enforce History Policy

Go to solution
jshafton21
Kilo Guru

‎10-24-2016 11:50 AM

Has any one had issues with the Password Reset Enforce history policy on AD? I keep getting an error "A constraint violation occurred. (Exception from HRESULT: 0x8007202F)Stack Trace:".


I guess I have two questions:
For those of you that have Enforce history policy and aren't having any issues what level of access does your orchestration account have?

And for those of you that did have the issue how did you resolve it?

I have a work around in place, by un-checking the Enforce history policy box the password will be changed but it doesn't enforce the proper history.

Thanks!

Labels:
0 Helpfuls
  • 3,669 Views
1 ACCEPTED SOLUTION

Go to solution
jshafton21
Kilo Guru

‎10-31-2016 10:37 AM

Turns out we had a min password age of 1 instead of 0. Like it should be. Our security team didn't want to change this so I updated the workflow to force password change on next login which allowed the system to change the password and enforce the history policy.


View solution in original post

0 Helpfuls
9 REPLIES 9

Go to solution
jshafton21
Kilo Guru
In response to miked112

‎11-23-2016 04:34 AM

Hi Mike,



The workflow I edited was the PWD Reset - AD.



Here's the activity that I updated. As you can see I forced the "Force User to Change Password on Login"   to true.


find_real_file.png


Preview file
54 KB
0 Helpfuls

Go to solution
pranavparmar
Giga Contributor
In response to jshafton21

‎09-21-2017 02:16 PM

Hi Jared,



We also have similar security requirement and constraint is failing for us. So when you use this option, does user has to really change their password at the time of login or the Change Password Activity in the Password Reset workflow will be counted as "Force Password Change"?


0 Helpfuls

Go to solution
jshafton21
Kilo Guru
In response to pranavparmar

‎09-21-2017 04:10 PM

The system changing the password does count as the "Forced Password Change" however in our environment we had some timing issues with the way our AD replicates so users were occasionally being asked to change it again the flag wouldn't uncheck which caused issues for users not on the VPN.



To alleviate this if the password change was successful I did another password reset and forced that box to be unchecked.


0 Helpfuls

Go to solution
pranavparmar
Giga Contributor
In response to jshafton21

‎09-22-2017 05:11 AM

Thanks Jared. Let me test this out in our environment and see if that works for us or not.


0 Helpfuls

Go to solution
jchooi
Kilo Contributor

‎10-14-2018 09:13 AM

May I ask  what level of access does your orchestration account have?

Thanks!

0 Helpfuls