LDAP Attribute Definition#

The DirXML-PasswordSyncStatus AttributeTypes is defined as:

Understanding DirXML-PasswordSyncStatus Attribute[1]#

When a password synchronization operation is triggered on a user, the user's DirXML-PasswordSyncStatus attribute gets updated with the status of the <modify-password> operation. The value looks like:
39DB7DED8436EE4DF38039DB7DED843620140325141422721000000000001Code(-8032) Operation vetoed by policy

The values represented are:

  • The first 32 bytes represent the GUID of the driver the user is associated with: 39DB7DED8436EE4DF38039DB7DED8436
  • The next 17 bytes represent the password sync time in yyyyMMddHHmmssSSS format: 2014-03-25-14:14:22:721
  • The next 8 bytes are 00000000
  • The next 4 bytes indicate any one of the following status codes: (00001)
    • 0000: ERROR
    • 0001: WARNING
    • 0002: RETRY
    • 0003: FATAL
    • 0004: SUCCESS
  • The next string is the status message, if any: Code(-8017) Operation vetoed by object creation policy.

More Information#

There might be more information for this subject on one of the following: