Release NotesPolicy Server Release NotesDefects Fixed in SiteMinder ReleasesDefects Fixed for 6.0 SP2 › Ignoring pwdLastSet Attribute in Active Directory Global Catalog Support (35293)

Previous Topic: Deleting a Rule Caused Policy Server to Fail (34673)

Next Topic: IdentityMinder 6.0 Environments and Roles in the Policy Server User Interface (35381)
Ignoring pwdLastSet Attribute in Active Directory Global Catalog Support (35293)

The Policy Server's user store supports the Global Catalog Support feature in Active Directory. If you are using Active Directory Global Catalog Support, you can ignore the pwdLastSet attribute by doing the following:

Windows systems

  1. From the Windows Start menu, select Run.
  2. Enter regedit in the Run dialog box and click OK.
  3. In the Registry Editor, navigate to:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider

  4. Add the IgnoreADPwdLastSet REG_DWORD registry key and set to a non-zero value to ignore the pwdLastSet attribute.

UNIX systems

  1. Navigate to <install dir>/siteminder/registry
  2. Open sm.registry in a text editor.
  3. Locate the following text in the file:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider

  4. Locate the line that follows the line from step 3 and create the IgnoreADPwdLastSet REG_DWORD registry key.
  5. Set the value to a non-zero value to ignore the pwdLastSet attribute.