Skip to content

Handle Expired Domain Passwords

When a user's domain password is expired and needs to be changed, Excalibur can manage the password reset. This issue is typically caused by your Active Directory configuration. Two requirements must be met:

  • Secure Connection (LDAPS) — your Identity Store connection must use the secure LDAPS protocol, not the unencrypted plaintext LDAP protocol.

  • Delegated Permissions — the service account used by Excalibur needs specific permissions delegated to it in Active Directory, such as "Reset Password" and "Write lockoutTime".

A complete, step-by-step guide is available in the Installation and Implementation Guide — Configure Active Directory Permissions for Password Reset.